February 6, 2018 by Caroline Tahon

Not an EU company? Think that the General Data Protection Regulation (GDPR) is not for you? Think again.

The GDPR (“Regulation”) enters into effect in May 2018 and impacts you in various ways.

The Regulation grants improved rights to all “natural persons” in the European Union (EU), whether they are EU nationals or not. Do you offer services or goods to customers in the EU? You’re impacted. Do you have even a handful of employees in the EU? You’re impacted. Do you monitor the behavior of individuals that takes place within the EU? You’re impacted.

And did I mention that for serious breaches there are fines up to four percent of your global revenue or €20 million, whichever is higher?

Did I catch your attention now? Well then, time to look at your business with a new outlook — with GDPR glasses. Whether you are an Australian bank, a Nepalese online retailer, or an Argentinian seller of goods, you should have a close look at the Regulation. If your company is subject to the GDPR, you will have to implement the new rules and be ready in less than four months. Below are just a couple of examples of situations you may face after May 2018.

If data subjects — meaning a person or individual whose personal data is in your database — want to be forgotten, they may ask you to delete all of their personal data, and you will have to comply under GDPR unless there is a prevailing legal obligation requiring you to keep their data for some time.

If you have personal data that you did not get proper consent for, you may not be compliant with the GDPR. What is proper consent? The Regulation says it must be clear, unambiguous, and freely given. Goodbye legalese and fine print! Time to review your cookie policy. Not to mention that if your customers are under 16 years old, their consent is not considered proper unless their parents have agreed to it. Video game and entertainment industries, have fun with this one.

So, time to bring in the experts in your company, legal and technical, customer-facing and cloud operations, working together to align with what is starting to be called “the regulation of the century.”