“The status quo has been completely redefined.”
That’s what the Chief Security Officer of Egnyte, Kris Lahiri, says about the GDPR. Most tech watchers tend to agree with him. Without further ado, here’s a brief summary of the GDPR.
What Is the GDPR?
The General Data Protection Regulation (GDPR) is a sweeping new European Union privacy law. It doesn’t only affect Europeans. Because of the widespread reach of the EU, sometimes referred to as the Brussels Effect, the GDPR has major consequences for businesses around the world. This includes many businesses in Los Angeles.
To cut a long story short, the GDPR replaced an outdated 1995 law called the European Data Protection Directive (EDPD). Since the EDPD was created in 1995, it was totally irrelevant for the digital age. Computer usage and data collection have exploded since the 1990s, so a change was badly needed. In 2012, the European Commission proposed a comprehensive reform of the EDPD. Among other things, this law was meant to protect consumers’ privacy, curtail email spam, and make data collection more transparent. Nevertheless, the law took the slow boat to China. It only gained teeth in May of 2018.
The GDPR is strict. And not complying with it is really expensive. Here are 8 facts businesses in Los Angeles need to know about the GDPR so they can protect their pocketbook.
1) There Are Heavy Consequences for Noncompliance
Unless you have money to burn, you don’t want to run afoul of the GDPR. Disobeying the GDPR can cost you 20 million euros (about 23.3 million dollars as of August 2018). Technically, the fees don’t stop at 20 million euros. If your company is rolling in money, you can be fined 4% of global annual turnover.
2) It Doesn’t Just Affect Businesses in Europe
As mentioned earlier, the Brussels Effect is real. The GDPR affects businesses all over the world. If you target a data subject in Europe with marketing efforts, then the GDPR affects you. In particular, U.S.-based hospitality businesses, software companies, and e-commerce businesses are especially vulnerable to the GDPR.
3) Some Businesses in Los Angeles Aren’t Affected by the GDPR
However, it’s only the ones that don’t target European consumers with any marketing efforts. If you don’t sell products to Europeans or collect/buy/use emails from Europe, the law doesn’t concern you.
4) Los Angeles Businesses Are Already Changing for the GDPR
One of the most noteworthy examples is the Los Angeles Times. They’ve shut off access to internet users in the EU. The Chicago Tribune has also closed its doors. Tronc, the company that owns these two outlets (and other papers), won’t risk non-compliance because of the high fees. The GDPR is the real deal.
5) The GDPR Gives Individuals Eight Rights
The GDPR is incredibly consumer-friendly legislation. It gives European consumers a plethora of rights and protects their privacy. In detail, it gives these eight rights.
- The Right to Access- Consumers can request free access to their personal data anytime. They can also ask how the company is using their data.
- The Right to Be Forgotten- Customers have the right to ask for their data to be deleted.
- The Right to Data Portability- Consumers can request that data be transferred from one service provider to another.
- The Right to Be Informed- Individuals must be informed before data (like an email address) is collected.
- The Right to Have Data Corrected- Consumers have the right to have their data updated if it’s incorrect (although a company probably wouldn’t want out-of-date data in the first place).
- The Right to Restrict Processing- Individuals can ensure their data isn’t used for processing.
- The Right to Object- EU consumers can remove themselves from an email list or a phone list, and direct marketing must stop immediately.
- The Right to Be Notified- If data is hacked, the consumer must be informed about it within 72 hours.
6) May 25th, 2018 Was the First Day Fines Started
You may have heard about the GDPR for years. It’s officially been on the books since 2016. Yet, fines only started on May 25th, 2018.
7) Good Faith Attempts to Comply Aren’t Enough
There are lots of articles floating around talking about the effectiveness of good faith attempts to comply with the GDPR. These do help. Yet, the true course of love never did run smooth. In other words, good faith attempts aren’t enough to guarantee you won’t get a fine. If that were the case, the Los Angeles Times wouldn’t be blocking its European readership.
8) You Can’t Comply With the GDPR in Five Minutes
Complying with the GDPR is difficult. For one thing, it requires all of your emails to be collected with consent from the user. And the burden of proof is on you. Many legacy tech systems make this proof difficult or unattainable. Also, even one email can be a problem. The CAN-SPAM Act has fines of up to $16,000 for each email address that’s wrongly solicited. The law is complex, and if you do any business in Europe, you need to spend time understanding it. Otherwise, it may come back and bite you.
Where Can I Learn More About the GDPR?
If you want to learn more about the GDPR, a good place to start is the GDPR Compliance Guide. You can also contact a GDPR expert at Global IT. We’re a managed IT company in Los Angeles. We work with LA-based businesses that sell products in Europe, and we can make your business 100% GDPR compliant.