The General Data Protection Regulation (GDPR) comes into effect on May 25th, 2018. It covers European Union citizens and every business interacting digitally with them. The European Union has been working on this regulation since 2012 and it was signed in 2016. So far it has been a directive, but from May 2018 GDPR gets teeth. Here’s why GDPR is relevant to businesses even if they are based in North America.
First… Understanding the legalese
The GDPR references subjects, processors and controllers. It can get confusing without a clarification.
- Your website visitors are the Data Subjects.
- You (the North American retailer) are the Controller.
- We (Polytab Analytics, a unit of Infernotions Technologies) as the cloud-based solution provider are the Processor. It is likely you are handling other facets of the subjects’ profile and are a Processor as well.
The Controller (i.e. you) is ultimately accountable for demonstrating compliance. The Processor (i.e. we, the vendor) is responsible for the security practices when handling data whose access is authorized by the subject.
It is absolutely critical to clarify the notion of Personal Information. That is the asset that GDPR is seeking to protect. GDPR broadens the definition significantly. The biggest change is the extension of personal data to include information relating to an identified or identifiable natural person. The definition of personal information now includes IP addresses and cookies.
Why is GDPR compliance important for North American businesses?
- Penalties for non-compliance are severe. Per the regulation, the penalty can be 4% of global revenues or 20M Euros, whichever is higher.
- It makes good business sense. I have heard from some skeptical peers that the GDPR is a cash grab by the EU, as American media companies like Google, Facebook and Amazon are very good at monetizing the data of EU citizens but not at sharing the wealth with the respective nations. Another perspective is that even if a merchant is non-compliant, the regulation is very difficult to enforce. Both points have merit. However, it is a fundamental truth that poor data security can be very costly. Cases in point – the financial hits taken by Alteryx, Equifax, Facebook and Yahoo. Notably, it isn’t just the big media companies. I highlight the case of Alteryx because it highlights the root cause of the breach.
“…one dummy sign-up for an AWS account, using a freshly created email address, is all that was necessary to gain access to this bucket’s contents.”
Data’s the new oil. Protect it.
To us at Infernotions Technologies (parent company of Polytab Analytics), data is our bread and butter. We take data very seriously, and this predates the recent awareness of data privacy issues brought by the Facebook hearings and the upcoming GDPR compliance date. More than a checklist, this is part of our DNA – and fundamental to the engineering framework of our solutions suite.
To learn more about how to leverage data for running your business and about the Polytab Analytics suite, contact me via the link below to set up a demo.
Image of Euro Man by Rock Cohen used with permission under Creative Commons license.