GDPR Increases Data Security Requirements On Companies Doing Business in the EU

The European Union (EU) has for decades been more stringent on data security and privacy than the United States.  A new regulation is going into effect in May of 2018 that bolsters these protections even further, increasing the amount of security required to safeguard EU citizens’ data.  This regulation applies to anyone collecting information on EU citizens residing in the EU, even if the company has no physical presence there.


The GDPR

The GDPR, or General Data Protection Regulation, is replacing an EU-wide privacy regulation that’s more than 20 years old.  It protects new types of data, including IP addresses, online cookies and RFID tags.  Data must be purged after it is no longer required to perform the activity the user consented to having done when they provided the data.  Companies must also delete personal data upon request, unless there is a legal requirement that the data be kept.

Some of the regulation in the GDPR is intentionally vague; for instance, companies are expected to provide a “reasonable” level of data protection, but reasonableness isn’t defined.  Presumably, what’s reasonable will become more stringent as technology continues to allow new ways to secure data.  The GDPR also doesn’t explicitly state who will be liable in the event of a third-party breach (such as a payment processing provider) although it implies that both parties could be found at fault even if only the processor was breached.

One thing the GDPR is explicit on – data breaches must be reported in 72 hours of the breach.  Given that many data breaches aren’t even discovered within 72 hours, this requirement will likely be among the most difficult to meet and result in plenty of fines being paid to the EU’s powers-that-be.

Do you have any data on EU citizens? Is your company able to handle these data requirements?  If you’re unsure, talk to your legal and technical teams about these new regulations and what they mean for your business.

To learn about how WingSwept can help your business leverage technology to get better results (and fewer data security fines) call us at 919-779-0954 or email us at Team_WingSwept@WingSwept.com.