When the European Union’s General Data Protection Regulation (GDPR) goes into effect on May 25, companies doing business in the EU will face a much higher bar for data security compliance. Here are some key requirements you need to know:
- GDPR applies to all companies that process personal data of people who live in the EU, even if the company itself is outside the EU.
- Data subjects must be given more information when their data is collected.
- Both consent and explicit consent now require clear affirmative action, and individuals can revoke their consent to data processing at any time.
- The minimum age for individuals whose data can be collected is rising from 13 to 16.
- Organizations must delete data that is not being used for its original purpose.
- Organizations have 72 hours to notify regulators of data breaches that pose a risk to data subjects.
- There is a single national office for complaints.
- Large data controllers must appoint a data protection officer.
- Proven noncompliance carries a penalty of up to roughly $24.5 million, or 4% of total global annual turnover for the preceding financial year.
If you’re still not ready to meet the GDPR’s data privacy standards, contact us.