Last Chance to Prepare for GDPR Compliance

When the European Union’s General Data Protection Regulation (GDPR) goes into effect on May 25, companies doing business in the EU will face a much higher bar for data security compliance. Here are some key requirements you need to know:

  • GDPR applies to all companies that process personal data of people who live in the EU, even if the company itself is outside the EU.
  • Data subjects must be given more information when their data is collected.
  • Both consent and explicit consent now require clear affirmative action, and individuals can revoke their consent to data processing at any time.
  • The minimum age for individuals whose data can be collected is rising from 13 to 16.
  • Organizations must delete data that is not being used for its original purpose.
  • Organizations have 72 hours to notify regulators of data breaches that pose a risk to data subjects.
  • There is a single national office for complaints.
  • Large data controllers must appoint a data protection officer.
  • Proven noncompliance carries a penalty of up to roughly $24.5 million, or 4% of total global annual turnover for the preceding financial year.

If you’re still not ready to meet the GDPR’s data privacy standards, contact us.