Selling Your Products in Europe? Make Sure You’re GDPR Compliant

General Data Protection Regulation (GDPR) is a piece of legislation regulating how companies should treat privacy and sensitive data of their customers. It was enacted by the European Parliament in 2016 and entered into force on May 25th, 2018. Even though this law affects primarily EU member states, its ramifications go well beyond European borders. Companies from outside the EU that have been doing business with its members and hence possess data on EU’s citizens are obliged to comply with the new set of regulations as well.

According to one survey, 52% of US-based companies fall under this new law. Unfortunately, as many as 91% of those American businesses completely lack awareness of GDPR, while 84% of them may not understand how compliance with the new regulation should affect their operations. This is a serious problem. A lack of knowledge can be very costly, since GDPR levies hefty fines – up to 4% of a company’s revenue – for serious violations. In this article, we analyze the basic tenets of this European law and advise on how to make sure your business is in compliance with it.

5 Core Areas of GDPR

The new law defines 5 areas in which companies must change their privacy policies and the way they handle customers’ sensitive data:

  • Consent: Companies must obtain explicit consent before collecting users’ personal data. The consent must be informed and unambiguous.
  • Transparency in data processing: Data must be processed fairly, lawfully, and transparently, which means that a company’s privacy policy must not only be easily accessible, but also provided in plain language with easy-to-understand, unambiguous wording. Jargon cannot be used and it’s the company’s responsibility to make sure that a user can clearly understand how and why his or her data is processed.
  • The right to be forgotten: A customer is now able to request that a company erase any personal data it holds about him or her, and the company is obliged to do so “without undue delay.” Related to this is the right of consumers to obtain any data a company holds on them; the company is obliged to provide such data free of charge. Additionally, users are now able to move their data between different vendors. This is known as data portability.
  • Security breaches: Customers now have an explicit right to know that their data may have been hacked and leaked. Notice of any data breach should be provided within 72 hours of the event.
  • Data Protection Officer: In order to be compliant with the new law, some companies may need to appoint a DPO whose job will be to independently manage and assess how the data is handled within the company.

How to Ensure Compliance

If you have business operations in the EU and hold customer data of the citizens of any of its member states, you need to take decisive action to make sure that you are in compliance with GDPR. To do this effectively, you should review your internal policies on data protection and processing. You should also know what kind of data you hold and how it is stored. A new, company-wide policy may be called for, along with specific training to guarantee that each member of your staff knows and understands how he or she can contribute to ensuring compliance with the new regulation.

If you still have questions about GDPR and how it may affect your company, it would be best to consult a lawyer directly and explain the circumstances of your business to them. BRADFORD, LTD specializes in assisting American companies with their overseas operations. Call us today and schedule a consultation so that we can review the data protection policies in your company and help you ensure you are compliant with GDPR and other pertinent laws.

BRADFORD, LTD

Our national law firm works closely with clients in all sectors of technology, healthcare, and hospitality to develop effective and efficient strategies for dealing with litigation, corporate, regulation, and the competitive market.