Data is to this century what oil was to the previous one—a driver of growth and change, according to the Economist. Flows of data have created new infrastructure, new businesses, new monopolies, new politics, and—crucially—new economics. As rapidly as data is becoming the lifeblood of the global economy, it also represents a decisive competitive edge. But with big data as a major asset, the flip side of the coin, data protection, must be also be taken into consideration.
Ensuring the security and confidentiality of critical corporate and customer data is vital. In December 2015, the European Union’s General Data Protection Regulation (GDPR) introduced more stringent and prescriptive compliance challenges, backed by fines of up to 4 percent of a company’s annual global revenue. The GDPR is replacing the 1995 Data Protection Directive and is aimed at protecting EU citizens’ personal data in the current digital world.
Protecting your data is a critical enabler for enhanced service offerings and digital commerce. Customers want to be assured that their data will not be stolen or abused, and companies must build that trust. McKinsey recently reported in a survey of 60 major European companies that only 10 percent have mature cybersecurity risk-management practices, and 45 percent of respondents said they would need to make significant investments in basic tools to comply with GDPR requirements. Although the GDPR has been ratified by the European parliament, commission, and counsel, it will not enter into full force until spring of 2018, at which time it will impose strict rules on those hosting and processing data anywhere in the world.
The digital age has broken down barriers to worldwide commerce. The new regulation has strict rules about how personal data, such as customer and employee data, is used and protected. The rules are directly applicable to all EU member states and EU citizens, thereby affecting international companies with EU operations or customers. A PwC pulse survey recently asked C-suite executives from large American multinationals about their plans for the GDPR, with some surprising results: More than half said GDPR is their top data-protection priority. Binding corporate rules are also gaining popularity, and most U.S. businesses are re-evaluating their European presence, whether they’re considering how to reduce their GDPR risk exposure or considering withdrawing from the market altogether.
What does this mean for you? Preparedness is key. If you have operations or customers in EU member countries, this will affect your business. A number of obligations are completely new and many have changed significantly, compared to previous regulations. These include:
The GDPR is coming, and it’s inevitable, but we’re here to help you assess your GDPR preparedness and to suggest optimal solutions. I’ve merely scratched the surface here, and I’ll continue to give you helpful information about this far-reaching regulation in a series of blog posts over the coming weeks.
To learn even more, check out this webinar on GDPR.