The new European privacy regulation known as the General Data Protection Regulation (GDPR) goes into effect May 25, 2018. Businesses in the U.S. that store data of citizens within the European Union must become compliant with GDPR before the impending May deadline.
To shed some light on GDPR and what your small business must do to be prepared and compliant, Small Business Trends caught up with Kory Willis, IT director of Impartner, who explained what GDPR is and how small businesses can make sure they are compliant with the new regulation.
What is GDPR?
GDPR is one of the strictest regulations the European Union has ever passed. It is designed to give individuals, customers, prospects, employees and contractors more power and control of their data and take the power away from businesses which collect and use such data for financial gain.
According to Willis:
“The new security rules affect any business storing data on EU citizens, even if the company is based in the US. Violators whose security measures don’t comply will be subject to large fines. The control, privacy, and security of an individual’s personal information is at the root of the GDPR. It outlines strict measures businesses large and small must take to safeguard the data they collect from any misuse or malicious activities.”
Such personal data can be anything related to a person, including names, email addresses, photos, bank details, location details, computer IP address, social networking updates, medical data and so on.
Is My Small Business GDPR Compliant?
Willis noted how a significant number of businesses in the US are unsure whether they will meet the standards required to be GDPR-compliant.
“The issue is that one in four US companies don’t know if they’re prepared to meet GDPR compliance standards. This is especially concerning considering failure to comply can result in fines of up to $20 million or 4% of global annual turnover for the preceding financial year, whichever is greater. The penalty is designed to be high enough to put a company out of business in the EU,” Willis told Small Business Trends.
Impartner’s IT director stressed how important it is for small businesses to verify that their relationship management solutions and applications are GDPR compliant.
“Many small business owners don’t realize that one of the largest databases of information that companies interact with is their relationship management solution, whether it’s a CRM, SRM or PRM. PRM systems, for instance, store troves of international partner, vendor and customer information.
“Most small businesses will use third-party applications to provide many of these services. It is critical that they fully verify that those applications are GDPR compliant, as they will still be liable if said third party has a data breach. Vendors need to ensure they’re using technology solutions that are compliant with GDPR. This includes selecting a partner relationship management solution that’s in compliance with the new standards,” said Willis.
To help customers ensure GDPR compliance, Impartner has taken two steps:
- Impartner PRM meets the GDPR requirement for customer data to be pseudonymized or transformed in such a way that the resulting data cannot be attributed to a specific data subject without the use of additional information.
- Impartner PRM is also helping to address the GDPR requirement that control of data be given to end users (though it can be difficult to fully eliminate all traces of a person’s data).
If you are a small business operating in the U.S. which stores and collects data about citizens in the European Union, you have until May 2018 to put the necessary data security measures in place to ensure you are GDPR compliant and not open to a non-compliance fine.