E-Handbook:

What GDPR privacy requirements mean for U.S. businesses

BACKGROUND IMAGE: Maxiphoto/GettyImages

By sowing 'FUD,' the GDPR sends a clear message

The General Data Protection Regulation is coming, and companies that haven't been preparing for the past couple of years will face challenges when enforcement of the GDPR privacy policy begins on May 25, 2018.

The GDPR is more than an update to the European Union Data Protection Directive (DPD). It also adds greater urgency to compliance given the potential for fines of up to 4% of an offending company's annual revenue or 20 million euros, whichever is higher.

Sowing fear, uncertainty and doubt (FUD) may not have been the intention behind the GDPR. But many businesses will have much to fear in the uncertainty of how strictly GDPR privacy rules will be enforced, as well as doubt over what actions will trigger the highest penalties.

Much of the GDPR -- as with the DPD before it -- focuses on best practices for data privacy as well as information security, but two new GDPR requirements will be challenging for even the best-defended enterprises: prompt breach notification and "the right to be forgotten."

Under the GDPR, companies will be judged not on how well they check the compliance boxes, but in large part on whether or not they are able to perform these two functions under the pressure of customer demand or an ongoing breach.

We don't yet know how the GDPR will be enforced and just how bad a violation will have to be to trigger the harshest penalties. But what is clear is that the new law requires organizations be far more responsive to these situations.

If a company fails to do prompt breach notification, it won't matter if it has audits certifying its compliance with GDPR privacy regulations. Likewise, if an organization hasn't checked off all the compliance boxes -- but is still able to scrub its databases in response to requests to be "forgotten" by consumers -- it may be able to avoid penalties.

With GDPR, the EU is sending a signal to enterprises: Do the right thing for your customers, or suffer the consequences.

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...

-ADS BY GOOGLE

Close