What is GDPR Compliant?
The General Data Protection Regulation (GDPR) became enforceable on May 25th, 2018. Companies face serious penalties if they are found to be non-compliant with the regulation’s rules on the protection of personal data of individuals in the European Union (EU). Although a lot of people have been talking about the GDPR, many companies are still unsure what it means to be GDPR compliant.
Protecting EU Citizen Data
Any company that processes personal data of individuals in the EU must comply with the GDPR, regardless of where the company itself is located, as long as it offers goods or services to those individuals or monitors their behaviour. These companies must take care to protect all data that directly or indirectly identifies a natural person.
Personal data protected under the GDPR includes, but is not limited to, name, address, photograph, bank account information, medical records, IP address, and even cookie identifiers. Some of these, such as medical records, are “special categories” of data that the regulation subjects to stricter rules.
All personal data collected from individuals in the EU falls within the scope of the regulation. This means that an IP address or a cookie identifier is personal data just as a bank account number is, and cannot be treated as if it were anonymous. The strength of the safeguards required is, however, proportionate to the risk: the GDPR expects security measures appropriate to the sensitivity of the data and the likely harm to the individual, so a health record warrants stronger controls than a web server log, even though both are in scope.
Companies that are not able to demonstrate that personal data is properly protected face serious consequences. For the most serious infringements, administrative fines can reach 20 million euros or four percent of worldwide annual turnover for the preceding financial year, whichever is higher, which for larger companies can mean hundreds of millions of dollars.
The GDPR requires companies that process personal data to implement “appropriate” technical and organisational measures to ensure a level of security appropriate to the risk. The regulation does not prescribe specific controls; it names examples such as pseudonymisation, encryption, and the ability to restore availability after an incident, and leaves the choice to the organisation. It is up to the supervisory authorities responsible for enforcing the GDPR to determine whether a company’s measures are adequate. It is therefore crucial that companies collecting data from, or doing business with, individuals in the EU learn all they can about this regulation.
About the GDPR
The GDPR replaced the EU’s Data Protection Directive (Directive 95/46/EC), which was adopted in 1995. Since then, the Internet has grown enormously and the rules defined by the Directive have become outdated. The GDPR was created to address rising public concern over data privacy and to harmonise data protection rules across the EU member states.
Although the GDPR is designed to ensure proper protection of data, many of its requirements do not concern information security controls directly. Instead, they concern the processes and system changes an organisation must make in order to demonstrate compliance: establishing a lawful basis for each processing activity, honouring data subject rights such as access and erasure, keeping records of processing, carrying out data protection impact assessments for high-risk processing, and notifying the supervisory authority of a personal data breach within 72 hours of becoming aware of it.
Companies working with, or collecting data on, individuals in the EU must be careful to ensure compliance with the GDPR. Please contact us to learn how we’re protecting EU personal data collected from web sources.