It’s only a matter of time.
When the European Union General Data Protection Regulation (GDPR) took effect May 25, no one in the U.S. was surprised to learn “We’re next.” There may be “hefty fines” for organizations choosing to disregard the new directives. And time is running out for companies who need every spare second ramping up for what will be critical regulatory upgrades.
The Basics of GDPR Today
The vendor will need to obtain explicit permission for each type of processing done on the personal data… Once the data is collected, U.S. companies will then have to protect it under the GDPR’s rules. –Forbes
Simply put, GDPR is a protocol to ensure your company’s personal data is legally gathered and protected. Those who manage your technical data will be “obliged” to prevent its misuse and exploitation, and to respect the rights of data owners. At this time, this means if a European visitor to your website buys your stuff, you need to be in compliance with GDPR.
Changes That Led to GDPR
Users and data flow are increasing at an enormous rate. Every day, every minute, in every organization, the number of visitors, their demographics, and what they want to do challenge us. You’re collecting and storing so much information that it’s more like trying to catch a waterfall in a bucket. You can’t be sure where some of the data is now located.
Between social networking, the cloud, and “smart” digital and mobile devices, data security is also tumbling around inside a barrel down that same waterfall. Something’s going to shatter. GDPR wants that information corralled and then funneled to a logical site, protected, and then accessible only by those who have the right to that access.
The Cost of Doing Business
Many organizations remain unaware of the vulnerabilities that can affect their data. And as a result, they’re also unaware of the consequences of a breach. Without understanding the magnitude of the threat, they never get around to identifying risks and remediating weak spots. And that can be a costly misjudgment. –GDPR White Paper
In a 2016 study by the Ponemon Institute, the average cost of a data breach was $3.62 million USD. The new fines that can be imposed for GDPR violations aren’t intimidating – they are terrifying. If the U.S. bases its GDPR on the European model:
- Companies may have no more than 72 hours to notify authorities of a data breach.
- Organizations will be fined for any noncompliance that led to the data breach.
- Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, may be issued.
- Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements that include:
  - The non-compliant transfer of personal data to a recipient in a third country or an international organization
  - Any non-compliance with an order by a supervisory authority
AS IF You Needed More Motivation for Additional Security…
It’s difficult to measure ROI (return on investment) for putting better and more security in place. Once GDPR is initiated in our country, one of your gauges of ROI is how much money you did not lose to breaches and fines. However, you may be able to measure future global business when you’re working under GDPR regulations (and your competitors aren’t).
The first step is a professional assessment of your organization’s security processes. We’ll analyze:
…for security vulnerabilities. Call 908.231.7777 or contact your technology professionals at Atrion. Let’s get you up to speed before the race begins.