Here’s how the GDPR is likely to affect you
August 24, 2017
On May 25, 2018, the European General Data Protection Regulation (GDPR) goes into effect, replacing the Data Directive from 1995. The GDPR website calls it “the most important change in data privacy regulation in 20 years.”
That’s because it imposes dramatic requirements around how you should protect, use, store, and delete personal data. It also applies to a sweeping range of organizations—and not only in the EU. It affects anyone who collects and stores personal data about EU citizens. So this is a huge deal for organizations everywhere, including the United States. A PwC survey showed that 92% of U.S. companies consider GDPR a top priority for them right now.
Here are the highlights of what you need to know about the GDPR. And we’ll be sharing more in the coming weeks about how you can get ready.
You’ll have to meet a high standard
The GDPR puts forth some strict new rules about how you should protect, use, store, delete, and deliver personal data. We won’t go into all the details, but we’ve pulled a few key examples to give you the gist. Under the new law, you’ll need to:
- Meet ~160 requirements to keep a wider range of personal data safe
- Notify the authorities, the public, and your customers when there’s a breach
- Delete or deliver customer data when they ask you to
- Appoint an official data protection officer
- Be able to prove that you’re compliant (such as with documentation)
There are hefty fines if you don’t comply
If you don’t comply, you could be fined up to €20 million (that’s around $24 million USD) or 4% of your global annual turnover, whichever is higher. An Ovum report says that 52% of companies believe they’re likely to get a fine. Ovum also predicts that the EU might collect around $6 billion in penalties in the first year.
It will take time and money to get ready
Most organizations will need to make a significant investment of time and money to meet the requirements. According to the same PwC survey above, 68% of U.S. companies expect to spend anywhere from $1-10 million to meet GDPR requirements. Another 9% expect to spend more than $10 million.
Most companies won’t get ready in time
Gartner estimates that more than 50% of companies won’t be able to get fully ready before the end of 2018. But you can start taking many steps now:
- Understand how the GDPR affects you and what steps you need to take
- Appoint a data protection officer
- Start looking at how and where you store personal data
- Get ready for customers exercising their new rights to delete or deliver their data
- Start your move to the Microsoft cloud
Moving to the Microsoft cloud helps you get ready
If you haven’t already moved to the cloud, this is yet another reason to do so now. Microsoft shared that their cloud services will comply with GDPR by the deadline. So you can accelerate your own GDPR compliance by moving to the cloud. And we at Binary Tree can help you get there. See more about how Binary Tree can help you transform to Office 365.