Are you confident that you have done everything you need to do to comply with the General Data Protection Regulation (GDPR)? In a recent study, fewer than half of the companies represented were ready for the GDPR to come into effect on 25 May. The study also revealed that people are still confused about whether or not the regulation applies to them.
Does the GDPR apply to my company?
In a nutshell, the GDPR applies to any organization that processes the data of European Union citizens, not just companies resident in the EU. Naturally, it applies directly to companies that are based in the EU, but it also applies to companies that offer services to, or collect, store or monitor the data of EU citizens, no matter where in the world the company is located.
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. It governs the way companies handle, store and transfer the personal data of EU citizens. But just because your company isn’t based in the EU or doesn’t have any customers there doesn’t mean you are off the hook.
A company may have personal information of EU citizens in its databases if it has a website that collects information on visitors. Even IP addresses are considered to be “personal information.” What about your marketing databases? Could they contain any names or email addresses of EU citizens? Do you have contractors or employees in the EU?
The following steps will put you on the road to GDPR compliance and a healthier and more robust data security environment.
1. Complete a data inventory.
The first step toward GDPR compliance is to understand what data your company collects,