The Basics of GDPR
GDPR stands for General Data Protection Regulation and it is a new regulation which strives to protect the personal information of EU citizens. This regulation acts as a worldwide attempt to protect people from identity theft and to ensure the continuity of thousands of businesses all over the world.
Cyber crime is no small matter these days: for many malicious actors it is easier to steal goods or money online than to rob a physical shop or burgle a house. Online crimes are very varied and can compromise the security and personal information of an individual. For example, if your personal and financial data (including credit card numbers, government IDs, etc.) are not properly stored and protected, they can be stolen by attackers who may make purchases in your name, sell the data to third parties, and so on. This is why GDPR is so important.
This regulation requires businesses all over the world that make transactions with EU citizens to protect their clients’ personal information. If you run a business, you are required to comply with the GDPR; otherwise, you risk hefty fines.
When will the GDPR take effect?
The deadline for companies and businesses to comply with GDPR requirements is May 25, 2018.
How big is the fine for companies which don’t comply with GDPR?
It is not a good idea to ignore the GDPR requirements because as mentioned earlier, there are big fines waiting for those who are careless when it comes to the personal information of their clients. Each organization needs to follow certain rules and to help you understand this topic better, here are a couple of criteria which basically influence the size of the fine your company will get if you don’t comply with GDPR.
- Intention – whether your non-compliance with the GDPR was intentional or accidental influences the size of the fine
- Cooperation – if the staff of a company which doesn’t comply with GDPR is cooperative, the fine can be lower in some cases
- Nature – this refers to how many people were affected, the extent of the damage caused, etc.
- Mitigation – whether the company which didn’t comply with GDPR mitigated the damage to other subjects
- Data type – this basically refers to the type of data left unprotected as a result of not complying with GDPR on time
- Certification – the fine can be lower for companies which use approved codes of conduct
- History – whether or not the company in question had previous similar infringements
- Notification – whether the infringing company reported the problem itself or through a third-party organisation
- Safety Measures – how many preventative measures a company has taken in an attempt to comply with the GDPR up until its deadline
- Others – there are various other factors which might influence the gravity of the problem and size of the fine such as the financial impact on the company in question, etc.
These are some of the most common criteria which authorities use to judge why a particular firm hasn’t complied with the GDPR and to determine an appropriate fine. Hopefully this never happens to your company, but if it does, fines fall into two categories.
- Lower level – this can be up to 10 million Euros or up to 2% of the revenue from the previous fiscal year.
- Upper level – this can be up to 20 million Euros or up to 4% of the revenue from the previous fiscal year.
As you can see, it is not a good idea to take the GDPR lightly or ignore it, because it can cost your company a lot of money. Authorities weigh the aforementioned criteria together and fine a company according to its most serious infringement. In other words, you are not fined separately for each infringement.
Does this affect my business too?
This is a good question and the answer is usually yes. GDPR compliance is mandatory for companies which process information about EU residents, whether or not they have a business presence there. The following factors also determine whether your company must comply:
- Your company has more than 250 employees
- Your company has 250 or fewer employees but processes sensitive data such as financial information
- Your company has a business presence in a European country
- Your company has no business presence in a European country but processes information about EU citizens
According to some recent studies, more than 92% of companies in the US are required to comply with the GDPR.
What type of data does GDPR protect?
There are several types of personal data which GDPR strives to protect against hackers and other malicious actors online. These include:
- Financial data such as credit card numbers, etc.
- Personal data such as names, address details, etc.
- Web data such as IP address, ISP name, etc.
- Health-related data as well as ethnic and racial information
- Political opinions and sexual orientation
Is it expensive to comply with GDPR?
According to a few surveys done in December 2016, complying with GDPR can cost companies $10 million and more, depending on the size of the business, nature of data which requires protection, etc. To be more exact, up to 68% of US companies are expected to pay between $1 million and $10 million to comply with GDPR.
However, more recent studies show that these costs are exaggerated. According to some studies done in March 2018, up to 36% of companies are expected to pay between $50,000 and $100,000 to comply with GDPR while 24% of companies will eventually pay between $100,000 and $1,000,000. Less than 10% of companies are expected to pay sums greater than $1 million.
What are the advantages of complying with GDPR?
Although many companies see this regulation as just another expense, there are many benefits business owners can reap. For example, when clients find out that your business complies with GDPR, they will trust you more because you are treating their personal and financial data with the utmost care.
Not only do you gain more trust from your clients and business partners, but you also avoid the hefty fines which can put a big hole in your company’s budget if you don’t comply with GDPR. This regulation is a big step towards protecting valuable personal data, and its aim is to make our world safer and better.
Hopefully, you now have a better understanding of GDPR and what it means. Whether you have a business presence in the EU or not, complying with GDPR is mandatory and is highly recommended as a way to strengthen the reputation of your business.