Beginning 25 May 2018, organisations established in the European Union (EU), and those outside it that offer goods or services to people in the EU or monitor their behaviour, must comply with the General Data Protection Regulation (GDPR). For businesses, the GDPR requires protection of the personal data and privacy of EU data subjects wherever that data is processed. Beyond obvious identifiers such as name, address and national identification number, items such as a consumer’s IP address, device identifiers and cookie data count as personal data and warrant the same protection. Failure to comply can be costly: administrative fines can reach 4% of annual worldwide turnover or €20 million, whichever is higher.
Who Does GDPR Impact?
This regulation directly affects any website or service that collects data on people located in EU countries. Compliance is required from 25 May 2018, and enforcement is carried out by the supervisory authorities of the EU member states. Websites in the US or Canada are not exempt simply because of where they are hosted: if they offer goods or services to people in the EU, or track EU visitors (for example through cookies or analytics), the regulation applies to them as well. A site that genuinely collects data only on people outside the EU is out of scope.
The regulation itself (Article 32) requires organisations to implement “appropriate” technical and organisational security measures, taking into account the state of the art, the cost of implementation and the risks to the people whose data is processed. What counts as appropriate is not spelled out, which gives supervisory authorities considerable latitude when assessing fines for data breaches and non-compliance. This leaves companies with a practical decision: they must determine what level of security they can defend as appropriate for the data they hold, document that reasoning, and have the measures in place, together with the processes needed to honour data-subject rights, before the GDPR takes effect.
User Data and Security: Best Practices
Beyond the legal requirement, the regulation sets a useful baseline for how user data should be managed overall. Given the data breaches regularly in the news, it is wise to audit your organisation’s own user-data security processes now and be prepared for an incident rather than assume one will not happen. Use the following checklist as a guideline to determine your next steps.