Europe is poised to roll out the final terms of the EU General Data Protection Regulation (EU GDPR) by the end of the year, and the regulation is expected to come into effect in 2017. The EU GDPR is set to drastically change data protection law, with a wide-reaching impact that even US CIOs and CISOs should be aware of. Unfortunately, it looks like awareness of the changes in the US is still low.
Set to update data protection laws to reflect current trends in cloud computing, mobility and endpoint security, the new EU GDPR regulations will impact all organizations with EU customers, regardless of their geographic base. As many US organizations now operate with a global customer base, the EU GDPR has the potential to impact most US organizations. This could include tighter requirements for consent to process data, restrictions on profiling, data breach notification requirements, the “right to be forgotten,” and penalties up to €100 million, or 2.5% of annual worldwide turnover, whichever is greater.
According to a new survey from TRUSTe, only half of US-based organizations are aware of or are preparing to deal with the requirements of the EU GDPR. Given the lack of Federal data regulation requirements in the US, the stringent requirements of the EU GDPR may come as a shock to many US organizations. According to the study, awareness of the changes was the highest amongst financial services companies (58%) and lowest amongst tech companies that are some of the greatest users of data (43%). Lest you think this lack of awareness is US-centric, the survey revealed that many organizations in the UK, France and Germany are equally unaware or unprepared to deal with the requirements of the GDPR.
I also invite you to read about the Top 5 Things You Need to Know about the EU GDPR, then take steps to Avoid the Pitfalls of the New EU Data Protection Regime. It may be possible to avoid EU GDPR fines by ensuring you have data policies in place, are educating employees, and are using suitable technology to protect data. On a broader note, you can learn about the recent updates to global data breach notification laws and how to meet key compliance requirements in our recorded webcast with Laura Robinson, Principal Consultant at Robinson Insight.
Absolute Data & Device Security (DDS) allows organisations to persistently track and secure all of their endpoints from a single cloud-based console. Computers and ultra-portable devices such as netbooks, tablets, and smartphones can be remotely managed and secured to ensure—and most importantly prove—that endpoint IT compliance processes are properly implemented and enforced.