If you read financial news with any kind of regularity, you have likely come across the acronym GDPR over the past several months. GDPR stands for General Data Protection Regulation. This law was enacted by the European Union and went into full effect in May of 2018. Even if you own a business in the U.S. without a physical presence in the EU, you more than likely have a web presence in the EU that collects data over the internet.
GDPR applies to local content and targeted marketing campaigns and practices, so if you’re a U.S.-based service or product company that caters to an EU audience, you’re likely affected. At my own company, we refined our security implementation and processes with outside counsel by reviewing our data supply chains and creating new consent procedures. Based on these recent updates, here are my top lessons on what other business owners need to know.
Compliance with the GDPR will affect your company in a number of ways. Unless you have already taken steps to ensure that data is handled in detailed, highly specific ways, you will need to do so now.
The first step to take in remaining GDPR-compliant is to communicate with your customers and users — collect consent to receive emails, and update privacy policies and terms of service. In addition, educate them on how their information is being used and, when and if data is submitted, that it will be safeguarded. Creating a transparent message about how customer data will be used builds company integrity and emphasizes your commitment to GDPR compliance.
One of the efforts you may need to make in order to achieve compliance is to alter the way you store personal electronic data. Because any EU resident may request deletion of his or her information, all personal data related to a single individual must be easily accessible in a complete, accurate and portable form. In addition, because individuals must be notified in the event of certain high-risk situations and officials must be alerted in the event of a breach, it will be important to put protocols in place appropriate to these situations. A host of other nuanced requirements may apply to your business, so it is important to seek legal counsel if you need assistance ensuring full and proper compliance.
One of the biggest, and most time-sensitive, GDPR concerns is data breaches. The strict GDPR 72-hour breach notification rule mandates that a company’s data controller (an individual who “determines the purposes and means of the processing of personal data,” per GDPR Section 4) report, within 72 hours of discovery, any event in which data is stolen, changed, lost or accidentally disclosed.
For U.S. companies, the National Conference of State Legislatures compiles a state-by-state breakdown of whom to submit a report to. If your business operates in all 50 states, unfortunately, you would need to submit 50 reports. If the breach is deemed high-risk, meaning data subjects are adversely affected, personal data breach notifications must also be sent to those individuals. Unlike the breach notification to officials, there is no fixed deadline for issuing the personal data breach notifications, but they should be sent as soon as possible. Depending on the severity of the breach, fines of up to 2% of global revenue may be issued.
What GDPR Means For Small Businesses
Small businesses with more than 250 employees are required to be GDPR-compliant and to designate a data protection officer (DPO), an expert in data protection law and procedures. Smaller companies with fewer than 250 employees are required to comply with the GDPR if they process personal or sensitive overseas data on a regular basis.
For small businesses that may rely heavily on networking (whether in person or through digital channels) to grow, this can mean putting in more work for not only company expansion but GDPR compliance. Under GDPR, it is illegal for a small business owner to take someone’s contact details from a business card or a LinkedIn connection’s contact information and add it to a contact list without his/her direct consent; receiving someone’s contact information doesn’t imply consent.
Large corporations have in-house teams of attorneys to assist with GDPR compliance. Even without such a large resource, small businesses can still achieve GDPR success: understand GDPR; know how your company collects data and where potential breaches may occur; and create a consent policy for acquiring users’ personal data, making sure that it offers an active opt-in option. If this is a large undertaking for you as a small business owner, resources are still available at your disposal. Consider hiring a contractor to assist in remaining GDPR-compliant.
Remaining GDPR Compliant
Because GDPR noncompliance can lead to fines and penalties, it is essential to appoint a data controller who is able to demonstrate knowledge of GDPR compliance and the processes behind it. This includes data protection policies and how to adhere to the GDPR code of conduct. The data controller can be a designated employee of the company or a contracted individual. The controller must make sure the principles are adhered to throughout the whole data processing life cycle, including lawfulness, fairness and transparency, data minimization, accuracy, storage limitation, and the integrity and confidentiality of personal data.
Finding The Right Attorney To Help
If you have questions about compliance generally or about complying with the General Data Protection Regulation specifically, you should consult an experienced business attorney. Most GDPR-focused lawyers will provide the initial call free of charge to assess your website. When interviewing attorney candidates, look for prior experience working with companies of a similar size to yours, as well as experience completing both domestic and international compliance projects.
GDPR is changing the way businesses source and safeguard user data. For small businesses processing data, compliance is within reach. Understanding GDPR, building users’ trust and their awareness of how their data is used, and making legal arrangements to safeguard that data are all essential to the process.
The information provided here is not legal advice and does not purport to be a substitute for advice of counsel on any specific matter. For legal advice, you should consult with an attorney concerning your specific situation.
March 4, 2019 at 08:32AM
Forbes – Entrepreneurs