So first off, what is GDPR?
GDPR stands for the EU General Data Protection Regulation, which was put in place to harmonize data privacy laws across Europe – essentially reshaping the way organizations across the region approach data privacy and security by protecting and empowering all citizens. It can be viewed as a stronger approach to regulation after the EU's first attempt, the Data Protection Directive, failed to enforce data security with sufficient urgency.
In order to understand the GDPR, it’s important to first grasp the way it defines Personal Data. This includes who the data belongs to (the Data Subject) and who the information is about. Each data subject has comprehensive rights over their data trail, which includes ownership over any and all transfers or processing of their information.
When does it go into effect and will there be a grace period?
Enforcement is set to begin May 25th of this year and (as of now) there is no grace period. Since the GDPR was originally adopted back in 2014 and entered into force two years later in 2016, 2018 is a hard deadline for rolling out the regulations.
What organizations will the GDPR affect and what questions should you consider when discussing the subject with your clients?
It’s important to brace yourself – don’t be surprised if many companies are still unaware of how the new regulations apply to them.
- Are your clients multinational organizations?
- Does your client offer goods or services (even free offerings) to EU residents and process their personal data in conjunction with that offering?
- Does your client’s organization monitor the behavior of people located in the EU? This can be something as simple as online data tracking.
- Do any organizations provide your company with EU personal data, with your company acting as their service provider? Examples include Software-as-a-Service, cloud computing, box storage, shredding, payroll companies, email marketing firms, and the like.
What is required under the GDPR?
The GDPR will require an organization to build and implement an entire privacy program to protect the rights of all data subjects. From processing, to training, to recordkeeping, your clients will be required to be in compliance with Data Subject Rights, and if they are not, they may be subject to fines and class action lawsuits. Keep in mind that compliance is an ongoing process, and an open and proactive approach to implementing these changes will go a long way.
And lastly, how can you empower your clients if they’re subject to the GDPR?
Transparent and proactive communication is key when discussing the GDPR with your clients. Take into account the above questions and remember, Wingman Insurance has resources to help. Email us to ask for additional information such as infographics on applicability and our online GDPR readiness assessment.
Want to learn more?