Mobile Search Mobile Menu
Jayne Hallock
November 28th, 2017

In the already hot industry of Identity Management, there is one identity concern that burns just a bit brighter in the minds of many modern businesses: GDPR.

Compliance is not optional, not simplistic…and nothing to mess around with. The financial impact of non-compliance could literally put some enterprises out of business.

It’s something we all have to get good at, quickly.

That’s why we are debuting a new series of articles to help you understand and better prep for the looming May 2018 deadline. In the coming months, we’ll cover everything from compliance strategies to data portability to planning and updates. We’ve already published an overview of GDPR in the past, reviewed some quick ‘need to knows’  and today we’re talking about…

The Risk

With the holidays fully upon us, an increasing number of consumers will be sharing their personal data with practically every single gift purchase.

You may recall that the Target Corporation suffered a severe data breach in late 2013, precisely in the middle of the holiday shopping season, exposing the personal information of around 110 million customers. As a result, 47 states brought a lawsuit against Target which ultimately settled earlier this year for $18.5 million. Consumer confidence in the retail chain dropped precipitously. And in the four years that have passed since the initial data breach, Target estimates the total expenses that were incurred as a result of the data loss were nearly $300 million.

Currently there are only limited government protections in the United States that protect consumers from this type of data breach. Across the Atlantic, however, the European Union has been attempting to address this type of problem for several years. In early 2016, the European Parliament passed the General Data Protection Regulation (GDPR) which will be fully enforced effective May 25, 2018. Entities that expose consumer data for whatever reason will be subject to heavy fines.

Why should this new regulation worry a company based in the United States? The GDPR not only applies to organizations located in Europe, but will also cover any organization located outside of the EU if they “offer goods or services to, or monitor the behavior of, EU data subjects.” Therefore, it applies to all companies that process or hold the personal data of any citizen of the EU regardless of the company’s location.

Google, Amazon and Facebook are all based in the United States, but they will be subject to this rule as of May 2018. Any of those companies – or any company doing business with EU citizenry – could be fined up to 4% of their annual global turnover or 20 million Euros (approximately $23.5 million).

Lastly, not only do these rules apply to companies with fixed data servers; the exposure of any personal data stored in the cloud would also be subject to these penalties.

With the new regulation enforcement date fast approaching, all entities doing business in the European Union will need to be up to speed on the regulation and ensure that their customer data is well protected. Simeio is poised to assist businesses with data protection in compliance with the GDPR.

Stay tuned (or just subscribe!) and in the coming months we will delve further into this new regulation and discuss how to better protect client data no matter where your company does business.