On May 25, 2018, the European Union’s (EU) General Data Protection Regulation (GDPR) became enforceable against companies doing business in the EU. TOKENEX, one of our valued data security partners that protects our MLM software platform, invited us to join their GDPR update webinar. Now that almost a year has passed, I was anxious to learn what level of impact or influence this regulation is having on companies doing business in the EU today, as well as the level of consumer data protection being considered by other countries.
It wasn’t surprising to learn that, according to the webinar, the USA is the biggest offender under the GDPR mandate. In fact, the US leads all countries in breach fines, by almost double the next country.
The Impact of a Data Breach
Some of the world’s largest companies, including Facebook, Equifax, Google and Uber, have been fined millions of dollars over data breaches and privacy violations. Clearly, no company is too big to come under fire.
Business Gaps that Cause A Data Breach
TOKENEX identified four of the most common business gaps that lead to enforcement action under the GDPR mandate.
1. Poor Management
The “individual right to be forgotten” requirement (erasure on request) is not being managed properly. Handling it correctly depends on:
- Data inventory: knowing where every copy of a person’s data lives
- Intra-system deletion: removing it from every system that holds a copy, not just the system of record
- Justifiable/lawful reason to retain the data, where an erasure request can be refused
2. Failure to Implement
The formal business relationship document between controller and processor (the data processing agreement required by GDPR Article 28) is not implemented. It must set out:
- Duration of processing
- Nature and purpose of processing
- Obligations and rights of the data controller and data processor
3. Notice Requirements
Breach notice requirements toward affected consumers and regulators are being omitted:
- Prompt notice from the processor to the controller, and from the controller to affected data subjects
- 72-hour notification to the Data Protection Authority (the clock starts when the organization becomes aware of the breach)
- Business continuity and disaster recovery plan, so the breach can be contained and reported on time
4. Lack of a Data Protection Officer
No data protection officer has been appointed to oversee compliance. GDPR requires one only in certain cases (for example, public authorities, or organizations whose core activities involve large-scale regular monitoring of individuals or large-scale processing of special categories of data), but where one is required, the omission is itself a violation.
Since GDPR took effect on May 25, 2018, many countries have followed the EU’s lead by creating legislation to regulate consumer data protection in their own jurisdictions.
As of today, the USA has no federal mandate, yet. However, individual states such as California (whose Consumer Privacy Act was signed in 2018 and takes effect in 2020) and Massachusetts, along with several others, are creating legislation to govern consumer data privacy in their jurisdictions.
By the end of the webinar, it was obvious that GDPR is not going away. It is going to get more complicated and stricter, and we will see variations of this mandate enacted and implemented by other countries around the world.
At the end of the presentation, TOKENEX offered a few very important takeaways, which helped me better understand what is happening now and where GDPR and similar legislation is heading in the near future.
- Regulations will get more complicated.
- Businesses need to define and implement a data-centric strategy to comply with these regulations.
- Interdepartmental involvement and communication between the legal and compliance departments are critical. Too often these departments are not on the same page, leading to non-compliance.
- Be mindful that the law applies based on where the consumer resides, not where the business operates.
- The webinar cited the statistic that 60% of SMBs fail within six months of a breach, due to the fine and the damage to brand reputation.
- A company needs to plan and implement a long-term pseudonymization and data security solution as these regulations increase in scope and requirements. (Pseudonymization, in GDPR’s terms, means processing personal data so that it can no longer be attributed to a specific person without additional information that is kept separately and protected.)
Xennsoft works hand-in-hand with TOKENEX and other partners to ensure that our MLM software data protection solutions comply with GDPR and other emerging regulations. They make it their business to help companies create and implement data-centric solutions that effectively meet the ever-changing landscape of data protection and security requirements around the world.
All images and graphs found in this presentation are taken from the TOKENEX webinar.