Be sure to attend Intelice’s upcoming series of webinars about Europe’s General Data Protection Regulation and how it will affect US businesses like yours.
In March, Intelice was proud to be chosen by Microsoft along with other select partners to attend an invitation-only event regarding GDPR (General Data Protection Regulation), at the Microsoft corporate headquarters in Redmond, Washington. The meeting was designed to inform and enable key partners to engage with Microsoft’s customers and assist them with complying with GDPR regulations.
Intelice’s own Robert Roman and Ash Bonebrake attended the two-day in-depth meeting on April 3rd and 4th in Redmond with Microsoft leadership including Julie Bill, Corporate Vice President; Rudra Mitra, Director of Office 365 Information Protection; David Burt, Sr. Product Manager for Azure; and many others.
The theme of the meeting broke down into three main areas that are vital for the coming GDPR deadline:
- Microsoft is leading the global effort to ensure proper privacy practices are followed, which includes GDPR compliance.
- Although GDPR is a European Union regulation, it affects businesses globally.
- Most businesses don’t understand and aren’t prepared to meet these regulations, and Partners are greatly needed to help customers become compliant.
In summary, compliance is a major undertaking and nearly all businesses worldwide need to make changes to their systems and processes to meet compliance obligations. GDPR is likely just the beginning as many other countries are using GDPR as a guideline in drafting their own regulations.
If you’re unsure about how GDPR will affect you, and what it will take for you to be compliant, then you need to do your homework. You could try to handle it on your own, or you could let the Intelice team of compliance experts help you. We have a comprehensive webinar series about GDPR compliance to help you ensure that you’re compliant now that the May 25, 2018 deadline has reached us.
In the meantime, here’s a primer on the GDPR…
The mission of the GDPR is to protect EU citizens from data breaches as a result of transactions that occur within EU member states. The enforcement date for the new GDPR was May 25, 2018, and non-compliance could have major repercussions for your business.
Many U.S. businesses have been working hard to meet the new GDPR guidelines, but it’s not clear if others have the technology in place to notify individuals that their data was breached within the required 72-hour period. This is one of the primary components of the 2018 GDPR. No matter how you look at it, three days can go by very quickly when it comes to sending out data-breach notifications, especially if you haven’t planned in advance.
Many North American businesses, even large enterprises, don’t always plan ahead and, instead, operate in a reactionary mode. Security professionals in the U.S. and Canada are concerned. The mandatory 72-hour GDPR breach-notification period has them worried because they don’t think most businesses are prepared. The U.S. doesn’t have a national data-breach notification requirement. However, most states do require notification within 30 to 45 days. If businesses don’t comply, they will be fined 4% of their global revenue up to $20 million. Plus, the consumers whose data is breached can file class-action suits against them for noncompliance.
They believe that the regulators in the European Union will impose the largest fines they can and that they’ll make an example of organizations that lack compliance, and will do so within the first 90 days of the breach. This is much like what the U.S. Health and Human Services/Office of Civil Rights does with its “Wall of Shame” and HIPAA breaches of personally identifiable information (PII).
The GDPR requirements apply to any organization that does business in Europe and collects personally identifiable information on European citizens. It doesn’t only apply to large multi-national corporations; it applies to any business that has 250 or more employees. Smaller companies are typically exempt, except in the case where a data breach results in a risk to the rights and freedom of individuals, isn’t an occasional occurrence, or where the processing of data includes special categories like those relating to criminal offenses or convictions.
The 2018 GDPR replaces the old Data Protection Directive of 1995. The most recent GDPR breach notification requirement was enacted in April 2016. It sets a higher compliance standard for data inventory, a defined risk management process, and mandatory notification to data protection authorities.
If you didn’t meet the requirements by May 25, 2018, you need to get compliant as soon as possible. Failing to comply with the GDPR could have a disastrous effect on your business.
That’s just the tip of the iceberg – be sure to check out our GDPR webinar series and other GDPR website materials to help you reach or maintain compliance. For more information, get in touch with Intelice at (301) 664-6801 or Info@Intelice.com.