By: Jordan Matulevich, Staff Accountant
The coming changes in the European Union’s new General Data Protection Regulation (GDPR) will have far-reaching implications for businesses in the United States when it takes effect on May 25, 2018.
While many may think GDPR will only affect the likes of Fortune 500 companies, the reality is that any company currently possessing EU consumer data, or planning to someday, will be forced to comply with the new standards or face harsh penalties. The user data covered by GDPR includes private user IP addresses, social security numbers, and other sensitive details. Noncompliance with the new ruling will result in a penalty of €20M ($25M) or 4% of global annual sales, whichever is larger.
The new GDPR regulations will force many American businesses to do a ground-up analysis of how they are collecting and maintaining international users’ data. Experts predict the new regulation will result in restructuring costs around data processing and the creation of a new corporate officer position: data-protection officer.
The big questions that GDPR-affected companies will be asking themselves are: how much consumer data do we have, how secure is it, and why do we have it? The regulation will now give international users the right to forbid companies from collecting and selling their personal data to outside organizations, and will force companies to remove all personal data for a single user when requested, with all expenses to be incurred by the company.
GDPR’s effects have the potential to reshape the landscape of global commerce as well. Many companies will be unable to comply with the stringent structures needed to maintain data authenticity and will resort to either farming out data management to third-party companies or incorporating existing data protection products into their repertoire. Companies like Microsoft have already jumped at the opportunities presented by GDPR. Many of the tech giant’s products already include data security tools; its cloud computing service, Azure, for example, includes many data protection features available to users.
While GDPR’s purpose may be to preserve the privacy of individuals, the business effects have the potential to put major strain on businesses unable to comply with the rigid standards. This is something our SOC team is following closely. We invite you to also visit our SOC Audit Services website to learn more: www.SOCAuditServices.com