Is Your Business Prepared to Comply with The New GDPR?
You may be asking yourself what the GDPR (General Data Protection Regulation) is, why you are hearing about it so much, and how it applies to your Kansas City area business. On May 25, 2018, these regulations will be going into effect, and as an attorney who specializes in business law, I anticipate that many of the organizations I do business with will seek guidance on how to make sure they are in compliance.
First off, let me explain what GDPR is. It is a new European data protection law that will regulate how the personal data of EU citizens can be collected, used and maintained, while giving individuals more control over their own data.
What Does This Mean for Your US Business?
If your business has a strong internet presence and markets over the internet, you should be adjusting your Privacy Policy. With the implementation of the GDPR, your company and many others that do not already have a comparable level of data privacy in place will need to ensure that they are in compliance with the new regulations, and that the companies and partners they work with are also GDPR compliant. This also means that even though your business is not located in the EU, if you do business with EU citizens or process any of their personal information, you need to be in compliance.
As an attorney, let me offer some pointers for your business to consider:
First, I would suggest creating an action plan that includes a team that will educate and train your entire business on the regulations. Having a staff that is versed in the regulations and compliance is imperative for success.
Next, audit your data. Where is your data stored? Why are certain forms of data collected? How does your company obtain this data? How much duplication of your customers’ data exists across multiple sites? I would suggest minimizing the data your company holds. Less data = less risk of non-compliance.
By asking these questions, you will build an overall picture of where the different types of customer data reside and what course of action to take to get your business in compliance.
My next recommendation is to audit your service provider’s data. This is where your company could fall short and take on the most risk. It is important to review who you are using as a third-party service provider and how they store data. If they are not in compliance, your data could also fall short of regulations.
By taking the steps to follow the GDPR regulations, you will be protecting your Kansas City business from reputational damage. Once the new regulations become law, it is likely that the first companies that are non-compliant will receive negative attention. Not only that, but competitors will use it as an advantage when positioning themselves in the marketplace. Lastly, by complying and being proactive, your business will save itself from the hefty penalties that are anticipated.
If you need further advice on complying with the GDPR in your current business, or are starting a new business here in Kansas City and want the advice of a business attorney, call Jeff Coppaken to set up a free consult.