It is foolish to ignore the GDPR – Here’s why

The General Data Protection Regulation (GDPR) came into full force in 2018. Unfortunately, there are businesses around the world that have, for one reason or another, chosen to ignore the regulations.

If you own or operate one of those businesses, here’s the truth: ignoring the GDPR is foolish. You are risking your business and reputation.

It goes without saying that data protection is an absolute necessity in the modern world. Virtually everything we do is somehow connected online, so it is no longer a matter of ‘if’ data will be compromised. It is only a matter of when. The whole point of the GDPR is to unify data protection regulations across Europe while simultaneously strengthening those regulations to make them more effective.

If your company has chosen to ignore the GDPR, you are only one data breach away from being discovered. Note that your company could face significant fines as a result of your failure to comply. The fines are purposely stiff so as to serve as a deterrent.

More about the GDPR

Although the GDPR wasn’t fully implemented until 2018, it didn’t come about overnight. It was four years in the making before its official policies were drafted. Regulators worked long and hard to come up with comprehensive guidelines that would suit the purpose for which the legislation was intended.

The GDPR supersedes both the Data Protection Directive 1995 and Data Protection Act 1998. It contains many of the same provisions as the previous regulations along with several new provisions. The two biggest differences are found in who the GDPR applies to and the rights consumers have under the legislation.

In terms of the former, the GDPR applies to any business collecting and using the personal data of customers residing in the European Union (EU). This is pretty sweeping. It means a company is not excluded just because it is not located on EU soil. The legislation applies if even just one of your customers is an EU resident.

Moving on to consumer rights, the GDPR requires companies to prove compliance on demand. Both customers and Supervisory Authorities can request, at any time, proof of your company’s compliance. You must submit that proof. A failure to do so will almost certainly get your company in trouble.

The EU is taking this seriously

It might be difficult for some small businesses to understand what the big deal is. Business owners might wonder why the EU is taking this so seriously. It all boils down to the simple fact that just one breach of personal data puts a lot of personal information in jeopardy. That personal information often holds the keys to discovering anything and everything about the people it represents.

We have all heard stories about massive data breaches at huge corporations. Virtually no sector has been left untouched. Hackers have hit large retail banks, Hollywood movie studios, big-box retailers, and on and on. Every data breach produces personal information that can be sold on the dark web to people who have no qualms about stealing whatever they can get.

Even worse is the possibility of using someone’s personal information for blackmail, extortion, or even to assume their identity. We are long since past the days when bank account numbers were the only thing at risk. We now live in a world in which a single data breach can completely destroy countless lives.

The GDPR post-Brexit

If you own a business located in the UK, you might be wondering what happens to the GDPR once Brexit is finally completed on 31st October 2019. The simple answer is nothing. UK leaders have already stated their commitment to upholding the GDPR even after the UK leaves the EU.

That means your business will still be subject to the GDPR regulations in every way. It is also assumed that the rights of UK citizens will still be upheld just as if they were EU citizens. There is, for all intents and purposes, no intention to break with any provision of the GDPR following Brexit.

What you should do

It would be inappropriate to close this post without mentioning what you can do as a business owner. If your company has made no concerted efforts to understand and comply with the GDPR, the first step is to have your data protection policies audited by a reputable organisation. An audit will determine how compliant your organisation currently is.

In the event that changes need to be made, the same company that provided the audit should be able to offer good recommendations. You should heed those recommendations with all seriousness.

Remember, ignoring the GDPR is foolish. Any company that does so is taking a risk not worth taking. That company is just one data breach away from not only being discovered but also jeopardising the welfare of its clients.