With the May 2018 effective date looming, ensuring GDPR compliance is a top priority for international businesses and corporations. In a recent PwC survey, 92% of U.S. companies said GDPR is a top priority on their data-privacy and security agenda. The law affects all companies that handle data about EU citizens. We offer a glimpse at the regulation and share key resources to assist businesses with preparation.
Frequently Asked Questions
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation intended to strengthen and unify data protection for all individuals within the EU. It’s designed to empower citizens to take control of data privacy in an increasingly interconnected world.
What is considered ‘personal data’ under GDPR?
The definition of personal data is extremely broad under GDPR. Under the regulation, personal data includes information about the physical, physiological, genetic, mental, economic, cultural or social identity of a data subject. Examples include a name, photo, email address, bank information, social networking posts, or medical information.
When will GDPR take effect?
The regulation was passed in April 2016 and will take effect in May 2018, after a two-year transition period.
If GDPR is an EU-based regulation, how will it affect US-based businesses?
The regulation will apply to organizations outside of the EU if they offer products or services to customers within the EU, or if they hold personal data of data subjects residing in the EU.
What are the consequences for failing to meet GDPR compliance standards?
Businesses can be fined a maximum of 4% of global annual turnover, or up to €20 million, for failing to comply with GDPR. This penalty is for the most serious infringements, such as not having sufficient customer consent to process data or violating Privacy by Design concepts.
How can we ensure our business is GDPR-compliant?
Before implementing any new processes or solutions, discuss the approach with your ecommerce solution provider and implementation partner, if applicable. Certain Gorilla partners, including Magento and SAP Hybris & Gigya, have created robust resource materials to assist in guiding compliance efforts. We also recommend discussing any GDPR-related solutions with a legal professional before implementation.
SAP Hybris & Gigya
- GDPR and Gigya Overview
- Gigya Guide to Addressing GDPR
- Gigya GDPR Technical Self Assessment
- Data Sheet: Gigya and Global Regulatory Requirements
- 2017 State of Consumer Privacy and Trust
- Product Brief: Gigya Enterprise Preference Manager
We’d be happy to discuss your GDPR compliance strategy in more detail and offer additional resources. Contact us for a more personalized conversation.