It’s been a little over a year after the EU’s General Data Protection Act (GDPR) went into effect, and privacy experts are heavily scrutinizing adherence to the policy. The GDPR joins Sarbanes-Oxley (SOX), the Payment Card Industry (PCI) compliance, the Health Insurance Portability and Accountability Act (HIPAA), and the Family Educational Rights and Privacy Act (FERPA) as one more piece of the data and compliance puzzle that Axis Technology can help you solve!
Recent Impacts from GDPR
In June 2018, companies self-reported 1,700 data breaches. For 2019, it is estimated to have 36,000 breaches reported, which is a significant increase from the previous annual reporting of 18,000 and 20,000 breaches. According to a report published in late February by the European Data Protection Board, during the first nine months that the GDPR was in effect, the total penalties imposed under the statute added up to €55,955,87.
TrustArc found that only 20% of businesses believe they are now GDPR compliant. Shockingly, more than 1 in 4 companies (27%) have yet to begin work on making their organization GDPR compliant – several months after the deadline has passed!
What is GDPR?
Before GDPR, there wasn’t a single breach-notification regulation for the European Union. They relied on the EU’s 1995 Data Protection Directive which allowed individual member nations to write and pass their own breach-notification laws.
The General Data Protection Act (GDPR) consists of a long list of regulations for the handling of consumer data. The goal of the new legislation is to help align existing data protection protocols while increasing the levels of protection for individuals. The reforms are designed to help customers gain a greater level of control over their data while offering more transparency throughout the data collection and use process. This would replace the prior initiative as it will help to bring existing legislation up to par with the connected digital age we live in.
For not complying, the penalties could reach millions of dollars. Companies that do not comply will fall into one of two categories: 1) a fine up to €20 million, or 2) 4% of the company’s annual turnover, whichever is higher.
Does GDPR Apply to US Companies?
Yes, the US companies have to apply to GDPR if they are processing individuals’ information from the EU. Compliance will be mandatory for those US companies Controlling or Processing the personal data of subjects in the European Union even if the processing may take place outside the Union.
How the GDPR applies to US companies controlling or processing personal data can be complicated – and the difficulty of addressing these questions makes GDPR compliance for US companies an area that requires action to be taken as soon as possible!
How Axis Can Help You Become GDPR Compliant
GDPR is going to affect you one way or another, as technology increases, and data privacy becomes more and more important. Not complying can not just affect your company’s finances but also its reputation. This is the best time to talk to experts who can perform a risk assessment and learn how they can help avoid data breaches within your firm before the number of breaches increases.