$1.63 billion (£1.25bn) in fines – this is the possible penalty that could be applied to one US organization under the recently introduced European General Data Protection Regulation (GDPR) legislation. Facebook has been the subject of a number of data-related investigations in recent months, the latest being a significant data breach which affected up to 50 million accounts worldwide. While the number of European users affected is less than 10 per cent of the total, the Irish Data Protection Commission (IDPC) believes that Facebook could be liable for fines of up to $1.63 billion (£1.25bn). This would make Facebook the first major organization to be subject to the severe new GDPR penalties.
GDPR may be a piece of European legislation, but it can have significant implications for US organizations that handle or store the personal data of any European resident, which includes employees and business partners as well as customers. In addition, while current data protection legislation varies considerably across the US, it is clear that many states are looking at bolstering their data protection legislation, and GDPR is seen as a blueprint for this move.
With businesses identifying cyber and data security support as a priority, and in many cases lacking the necessary in-house knowledge and skills, there is an opportunity to add real value for your customers by allocating time to understanding the basic compliance requirements of legislation such as GDPR, the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX) and the Gramm-Leach-Bliley Act (GLBA), and the wider implications for business operations. This investment in knowledge will allow service partners to demonstrate enhanced competency and, given the real possibility of new GDPR-like legislation being implemented in various states in the near future, enable you to help customers prepare ahead of the competition.
For more information on how organizations can ensure their print and document management processes support the requirements of GDPR, please download the IDC report on Meeting Data Privacy Compliance.