Are You in Compliance with the GDPR?

While the General Data Protection Regulation (GDPR) establishes reform in the European Union (EU) and European Economic Area (EEA), its requirements affect any company or individual doing business abroad or having a website that serves customers abroad. This means the data protection reform may impact your U.S. business.

If you’ve visited a website and have seen a pop-up request to accept or reject a site’s cookies, then you’ve landed on a page of a provider that offers services in the EU and EEA.

The GDPR is changing the digital landscape, particularly in how organizations demonstrate compliance. Where in the past many organizations included a disclaimer such as “by using this website, you accept cookies,” under the GDPR users must now be given the option to agree to the terms of the site’s cookies.

What is the GDPR? 

Effective May 25, 2018, the GDPR enforces a strict level of protection on the personal data of EU and EEA residents. Further, it intends to streamline and simplify regulations concerning digital platforms. This reform aims to better protect individuals’ data, including names, addresses, photos, IP addresses, and other personally identifiable information. The regulations apply to businesses in the EU or EEA, as well as any organization outside of those areas performing business in the EU or EEA, or with customers residing in those areas.

This protection is achieved by setting legal requirements on processors (the agency, public authority, or other entity that processes personal data not their own) to hold them accountable for private information that is collected and stored. Processors must report how they process, gather, and keep personal data so that, in the event of a breach, the organization can prove the steps they took to protect individuals’ data.

Why was the GDPR Implemented?

As data breaches become more common and hackers grow more resourceful, individuals are forced to find and apply the most effective protections for their information against malicious activity. The GDPR compels companies to add to customers’ efforts and protect their users and clients in the initial stages of a relationship. To prevent information from being stolen or lost, the GDPR intends to put the proper precautions in place to decrease breach incidents. The GDPR does not dictate specific cybersecurity control technologies, but instead directs that organizations implement data protections by design and default, leaving it to individual organizations to determine the appropriate security controls for their size, complexity, and data risk. The GDPR also initiated a penalty for organizations that do not adequately protect their customers’ data in ways that align with GDPR standards, as a means to make sure companies follow this legislation.

In addition, the GDPR requires companies to alert their customers and/or users should a breach occur.

How can the GDPR Impact You and Your Business?

Beyond the threat of penalties for not complying with the provisions and requirements (fines of up to four percent of annual global turnover), businesses that implement the required data protections will, according to the GDPR, offer better protection to their consumers from cyber threats and hacks.

As a majority of companies worldwide provide goods and/or services to individuals in Europe, it’s important for an organization to analyze its current global involvement and plans for future international development to determine which data protection or privacy laws might apply.

For more information on how this change can affect your business, whether you’re a higher education institute or a manufacturer, please contact us.

March 7th, 2019

About the Author:

Sikich LLP
Sikich is a leading professional services firm specializing in accounting, technology and advisory services. For over 30 years, Sikich has been helping clients focus on overall business growth and the components that result in building the bottom line. Sikich has more than 750 associates and has been ranked as one of the country’s 30 largest accounting firms and among the top one percent of all enterprise resource planning solution partners in the world.
This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.
