All Businesses Selling in Europe Face Potential Fines — GDPR Day’s Approaching
Less than 4 Months until GDPR is the Law — Are you Ready?
The incoming European Union regulation called the General Data Protection Regulation (GDPR) is going to have a huge impact on lead generating activities including a company’s website and digital marketing channels.
Many have already heard of the GDPR, but some are still thinking ‘I’m not registered in the EU, so this doesn’t apply to me’. That assumption is usually wrong.
This new law very likely applies to you whether your company is registered inside or outside the European Union. Below is a closer look at how all businesses in these categories must comply:
- Companies registered in the European Union.
- UK companies (Brexit has not happened yet so EU law still applies).
- All non-EU companies doing business within the EU, which under the regulation means offering goods or services to people in the EU or monitoring their behaviour there.
Why the GDPR’s Important to You:
The General Data Protection Regulation is the biggest update to European data protection laws in a generation. Because it is an EU regulation and not an EU directive (which would need to be transposed into national law, with room for local adaptation), it applies directly in every member state from 25 May 2018 without any local implementing legislation.
Potential fines are substantial and a good reason for companies to ensure compliance with the regulation. The GDPR has two levels of fines, and in both cases it is the higher of the two figures that applies:
- Up to €10 million or 2% of the company’s global annual turnover for the previous financial year, whichever is higher. This tier covers breaches of the controller and processor obligations, for example failing to keep records of processing, to secure personal data appropriately, to carry out a required data protection impact assessment, or to appoint a data protection officer where one is required.
- Up to €20 million or 4% of the company’s global annual turnover for the previous financial year, whichever is higher. This tier covers breaches of the basic principles of processing (including the conditions for consent), of data subjects’ rights, and of the rules on transferring personal data outside the EU.
This regulation will apply directly across all EU member states, including the UK, because on 25 May 2018 the UK will still be a full member of the European Union. Note to UK businesses: yes, the GDPR does affect your company, so start preparing now to avoid scrambling to comply at the last second.
The London law firm Harbottle & Lewis has written a good article on how the GDPR could play out after any Brexit agreement is finalised, examining the various possible scenarios for businesses that operate in the UK.
UK Data Protection Act vs GDPR:
According to the UK’s Information Commissioner’s Office (ICO), the body that regulates data protection, many of the GDPR’s main concepts are the same as those in the current UK Data Protection Act 1998 (DPA), so if your business is already complying properly with the current law, most of your approach to compliance will remain valid under the GDPR. However, there are new elements and significant enhancements, so you will have to do some new things and do other things differently.
For example, organizations will have to review their approach to governance and how they manage data protection as a corporate issue. This is because the GDPR places greater emphasis on the documentation that data controllers must keep to demonstrate accountability.
What if I am Not a Business Headquartered in the EU?
You will still most likely need to comply if you operate inside or sell into the European Union, because it is where the people whose data you collect are located, not where your company or its servers are registered, that determines whether the regulation applies.
For example, if you are an American, Brazilian or Japanese company and you sell into any country in the European Union, you will need to be compliant with the GDPR because you are handling the personal data of people in the EU (the regulation protects individuals in the EU, not only EU citizens). Keeping your servers outside the EU doesn’t get you out of it: the regulation expressly covers processing of the personal data of people in the EU by controllers and processors established elsewhere, when it relates to offering them goods or services or monitoring their behaviour. Non-EU businesses caught by this rule generally also have to designate a representative in the EU, subject to limited exemptions.
For businesses inside an EU member state, consult your country’s data protection regulator for more information or a local data protection lawyer.
Meanwhile, businesses outside the EU can reference the European Union guidance or consult a local data protection lawyer who will be able to further assist you.
12 Action Points from the ICO:
The UK’s Information Commissioner’s Office (ICO) suggests mapping out which parts of the GDPR will have the greatest impact on your business model and giving those areas the level of attention they require in your planning process. The ICO has created a useful 12-step guide to getting ready for the GDPR that all businesses can use as a reference tool.
Protect your Business:
It’s important to stay on top of the rules and regulations that govern your business’s operations. The changes ushered in by the GDPR will affect how you carry out your marketing activities, and steps need to be taken to get your business ready ahead of the GDPR’s application date of 25 May 2018.
Follow me on Medium and Twitter @CambridgeTricia
Visit me at www.ShowMeMyCustomers.com
Cambridge MBA | Marketing Consultant | Speaker | Author | Ghostwriter