In a world increasingly populated by business-related acronyms (B2B, SMB, CMS, EOD, etc.), you’ve probably heard this one around the water cooler (or seen it popping up in your email inbox) over the past few months: GDPR.
“Are you ready for GDPR?” “Do you know how GDPR will impact your company?” “GDPR is coming!” “Are you GDPR-compliant?”
But what is GDPR? Let’s take a look.
GDPR stands for General Data Protection Regulation. True to its name, GDPR is a European Union regulation addressing data protection and privacy for EU consumers. It is, in its essence, a set of strict rules that give citizens of the EU more control over their personal data.
Sound funny? That’s because, in the United States, these kinds of regulations often favor the business, not the consumer.
The EU, however, has long been a staunch defender of consumer data protection. In fact, the GDPR is a stronger, more comprehensive replacement of the EU’s Data Protection Directive of 1995. Obviously, a lot has changed over the past 23 years in terms of how users share — and businesses leverage — data. Enter: GDPR.
To put it briefly: Under the GDPR, consumers have a greater ability to force companies to delete personal data and companies who are non-compliant could face incredibly steep fines.
“Okay, so how does this impact me? I don’t live in Europe.”
Well, let’s reexamine the core goal of GDPR: To protect EU citizens’ data. Data hardly obeys territorial borders, and it doesn’t need a plane ticket to cross oceans.
That means that any company around the planet that has consumers located in the EU are subject to the stringent and far-reaching arm of GDPR.
Back up, there, buddy – it rolled out in May 2018!
If you’re reading this article, chances are GDPR is relatively new to you. But if your company’s client or customer database includes contacts in the EU, then you should definitely look into how your company is handling consumer data protection.
While there is no definitive list of what the GDPR defines as “personal data,” items include but are not limited to the usual suspects:
In other words, the GDPR protects data that can be considered personally identifiable information – data by which a person can be either directly or indirectly identified.
If you do have customers in the EU, you should absolutely add a data protection software like Avexta’s DataSense to your toolbox. Using a centralized management interface, DataSense quickly and thoroughly scans your servers, searching for personally identifiable information, including many of the examples above.
We typically think of data protection as something for ourselves – so we don’t fall prey to hackers or cyber thieves – but in the case of GDPR, a software like DataSense is a perfect way to take inventory of the kinds of consumer information you have in your database.
Knowing that is the first step towards GDPR-compliance, a topic we’ll explore over the coming weeks.