For any organization that does business with clients in European Union (EU) countries, understanding the General Data Protection (GDPR) requirements is essential. The GDPR aims to protect the privacy and personal data of EU citizens. These safeguards enact strict rules, and any non-compliance can impact your company.
While consumer privacy rights are incredibly important, many companies are discovering that the GDPR goes far beyond the usual standard for data security. This has left more than a few organizations facing a significant overhaul of their systems and protocols, even as many leadership teams struggle to pinpoint exactly how GDPR affects their day-to-day operations.
We’re tapping into our data security and technology expertise to bring you an easy-to-understand guide that describes exactly what you need to know about GDPR compliance.
What Is GDPR (General Data Protection Regulation)?
“GDPR can be considered as the world’s strongest set of data protection rules, which enhance how people can access information about them and places limits on what organizations can do with personal data.” Wired
The European Parliament passed the GDPR in April of 2016, updating the former data protection directive that had been in place since 1995.
Here is a simplified snapshot of what the GDPR is and why it was adopted:
- The GDPR contains provisions that require businesses to safeguard all EU citizens’ personal data/privacy.
- It applies to any transactions within EU member states and the exportation of personal data outside the EU.
- GDPR rules are consistent across all 28 EU member states.
- The EU implemented the GDPR to replace the 1995 Data Protection Directive, which largely failed to address the evolution of the Internet, data storage and collection, and other key advancements.
- Public concern over privacy and a widespread lack of trust in how many companies handle consumers’ data fueled the GDPR’s inception.
What Type of Data Is Regulated by the GDPR?
The GDPR has created a new standard for “personal/private data,” which has presented some significant challenges for companies. Under the GDPR, protected data includes:
- Basic identity details, such as name, ID number(s), and address;
- Web data, including IP address, location, cookie data, and RFID tags;
- Health/genetic data;
- Biometric data;
- Racial/ethnic data;
- Political beliefs/opinions; and
- Sexual orientation.
Which Companies Need to Comply with the GDPR?
Any company that processes or stores the personal information of EU citizens is required to comply with the GDPR, meaning that your organization does not necessarily need to have a physical presence in the EU to fall under its regulations.
And because equal liability is placed on data controllers and data processors, your company must make sure that any third-party processors you partner with are fully compliant. You’ll want to check your payroll service providers, SaaS vendors, cloud providers, and many other contractors you might work with regularly.
What Is GDPR Compliance Going to Change for Your Organization?
Depending on your organization’s current approach to data security, the shift might be minimal, or it might be extreme. Regardless, updating protocol to maintain compliance is necessary because the alternative involves steep fines.
You might also notice changes in your company’s contracts with third-party vendors and service providers. Those organizations are working to fulfill their GDPR-outlined obligations to notify all customers of their privacy rights under the measure. For example, the Miller Tanner team has updated our contracts, protocol, and other practices to reflect the GDPR, upholding our commitment to the highest standard of client security and privacy.
Learn More about GDPR and What It Means for Your Business
Do you still have questions about GDPR? Maybe you’re wondering how it affects you as a current or prospective client of Miller Tanner Associates, or perhaps you want to understand its impact on your operations better. To read our full privacy policy, please visit www.millertanner.com.
You’re welcome to connect with our team anytime — let’s chat!
