GDPR is coming! Are you ready?
We know what you’re thinking: "While GDPR (General Data Protection Regulation) is the biggest change to EU data protection and privacy legislation in many years, my company is based in the USA, so I have nothing to worry about."
Not the case!
If you collect and store an individual’s personal data from a website visit or a transactional sale, a direct marketing publication, a credit card processor, or from any firm that collects and stores personal data, your business could be at risk. GDPR will change how that information is used and stored, as well as an individual's options for extending or withholding consent for the data usage. In fact, given the upcoming changes, GDPR could ultimately become the de facto national privacy law in the United States.
Regardless of where your business is located, if your company conducts business on a global scale and captures information from a single European customer, your business is at risk of being fined, with penalties rising as high as 4% of your global annual revenue or $24 million, whichever is greater. We believe the substantial penalties for non-compliance are compelling, but if you're still not sure, the new requirements (such as data portability and the right of erasure) might persuade you, as they impact the responsibilities of both data controllers and data processors throughout the supply chain. In other words, while the penalties might not be important to you, they may still be extremely important to one of your business relationships.
Since you’re here on our site reading this, we want you to know you’ve come to the right place.
First, data protection and compliance are at the core of everything we do when building a custom solution for our clients. The twin goals of protecting your data and ensuring your organization can successfully defend its compliance status to regulators are at the top of our list.
Getting GDPR compliant sounds straightforward, right? Unfortunately, once again, that is not the case!
The regulation does not specifically address how organizations should implement their GDPR compliance, which forces firms to decide what processes and technologies they should deploy to achieve compliance. This makes GDPR much more complex and challenging to implement than certain prior, more prescriptive frameworks.
Also, keep in mind that GDPR compliance is not primarily a security or IT issue; it’s a holistic business challenge. It impacts legal, marketing, sales, HR, and a myriad of other business functions. According to a recent study conducted by IDC (IDC GDPR 2017), depending on the familiarity with compliance and the amount of personal data processing a company undertakes, most firms will take two years to reach a state of compliance, and will require a significant ongoing dedication of governance budget.
Bottom line, we’re here to help you navigate through the complexity and processes of establishing your GDPR compliance platform. With over twenty-three years of experience providing value-based solutions, helping clients to become more competitive, drive revenue or protect their data, Primero Systems is your first step toward ensuring you’re GDPR compliant.
Let’s talk about how your process for implementing GDPR can get you on the right path to protecting both your customers’ data and your business.