Does your business collect data or advertise to consumers? If so, there’s a solid chance that you have been impacted by GDPR — the EU’s General Data Protection Regulation — that was effective in May 2018. While multi-national corporations have been studying the effects of GDPR for several years and have spent millions of dollars implementing solutions to ensure they are compliant, other US businesses have been largely insulated from the impact of this far-reaching legislation overseas. This regulation is meant to “fundamentally reshape the way in which data is handled across every sector, from healthcare to banking and beyond” according to their website, and that reach certainly isn’t overstated. Global businesses continue to scramble to become (and stay!) compliant with these data-intensive requirements, but what is the expected impact on other US businesses?
GDPR Compliance, CCPA and LGPD
The European Union was proactive in the world market in terms of defining data protection policies, but two other superpowers aren’t far behind. California recently introduced its California Consumer Privacy Act (CCPA), while Brazil’s data protection policy has been dubbed LGPD, translated as the General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais). These are only the first in what is likely to be a slew of data privacy acts that can potentially impact US businesses, but California’s entry is the most immediately applicable. The CCPA contains many of the same restrictions against data that are found in the GDPR, making businesses that are already GDPR-compliant several steps ahead. The complexity of maintaining audits for these various rulesets will create an avalanche of reporting that will likely engulf businesses for the next decade.
Ensuring Data Privacy and Security
As businesses grow organically, it’s not unusual to find that there are various pieces of customer data that are stored in different locations throughout the organization. Perhaps you have a marketing database that includes items such as web browsing history, email addresses and SMS texting interactions while your CRM contains only a subset of that information (or vice versa!). Maintaining GDPR compliance will require you to fully audit your customer data points across the organization, ensuring that each contact has more transparent control of their communications. This can impact teams dramatically, as sales and marketing professionals suddenly find that customers are opting out of communications at an unprecedented rate as the process is simplified and consolidated. Technology teams will be challenged to quickly roll out sweeping changes to data storage and protection measures — while still keeping business strategy delicately balanced against the needs of the various data protection compliance requirements.
Penalties for Non-Compliance
Mid-size US businesses without a major EU component to their database may have felt relatively complacent, and understandably averse to spending millions of dollars to make their businesses fully compliant. Unfortunately, the global nature of today’s businesses and the heavy penalties for non-compliance has CIOs and CSOs scrambling to find the assets that they need to interpret the convoluted laws and define how their business can become compliant. In this first year after GDPR became active, audits are beginning to reveal that businesses are still finding gaps in their data storage and privacy solutions that need to be quickly addressed. From process analysis to data protection governance and risk management, your organization has a total of 10 essential areas of the GDPR to cover before they are considered fully compliant for audit purposes. Penalties and fines are imposed based on the nature of the infringement, the history of the business, and even the intention of the business to become compliant — making it essential that you document the steps taken and processes changed as you work towards compliance.
Searching for the right IT advice to ensure that your business is fully compliant with any applicable data security requirements? CIO Advise works with top organizations to understand and implement intricate CRM and data storage solutions that protect your business without creating unnecessary barriers to productivity. Schedule a no obligation consultation at cioadvise.com or contact us directly at 833-CIO-ADVS today.