Just a year from the introduction of GDPR (General Data Protection Regulation), you may be excused in thinking that all the publicity and dire warnings about huge fines were just hype. While there hasn’t been a plethora of GDPR headlines recently, there has been a great deal of activity in the background. There were over 205,000 GDPR case violations reported between May 2018 and Feb 2019*. Of these, around 100,000 are still actively under investigation and include a number of US companies. In the same period, the number of actual data beaches has remained relatively constant at around 400 a month.
If you think that the regulatory authorities are only interested in pursuing large or high profile companies, think again! There have already been a number of cases where GDPR related fines have been applied to organizations who considered themselves not at risk, as they’re not a well known brand and have a low profile in the EU. These include a local hospital, a Chinese bike share company, and a small marketing agency in the UK and an entrepreneur in Austria – No company is exempt!
In addition, many US organizations may be unaware that they do not need to have a physical presence in Europe for GDPR regulations to apply. For example, if your US based customers receive web traffic from European visitors and this data is stored and tracked, GDPR still applies, regardless of whether they actively market their products to the European market or not.
Can you be certain your customers will not join the growing list of organizations under investigation under GDPR and / or any relevant US data privacy regulations?
With this in mind, now is a good time to help your customers review their data privacy compliance plans, not just in terms of GDPR, but also individual state legislation and industry regulatory requirements which are continually being updated.
For more information on how organizations can ensure their print and document management processes are compliant with the requirements of GDPR, please download the IDC report on Meeting Data Privacy Compliance.
*First overview on the implementation of the GDPR and the roles and means of the national supervisory authorities, February 2019