Companies inside and outside the European Union are feeling the impact of GDPR–and if you’ve noticed the glut of complex and long-winded cookie notifications, you can see why. Businesses looking to operate data processing infrastructure or collect data in the EU must comply with GDPR. To streamline the process, the EU recently approved a central certification mechanism called Europrivacy.
Have you noticed the increasingly-complex cookie disclosure forms popping up on even the most unassuming website? These expanded forms aren’t present because digital businesses have suddenly decided informing customers about their data collection practices is an ethical imperative. Instead, these companies are most likely working with customers in both the U.S. and the EU, and they find themselves facing significant backlash if they aren’t following strict transparency rules.
These GDPR rules define potentially devastating penalties for unassuming companies, and these penalties can come for the most unexpected reasons–if you don’t know the rules.
The General Data Protection Regulation (GDPR) has fundamentally changed how organizations do business in the European Union. It isn’t enough to undergo audits or meet arbitrary security requirements. Like many high-stakes security contexts, GDPR requires a company to dedicate significant time to maintaining data privacy, cybersecurity and consumer rights.
To help address high-risk data processing situations, GDPR may require your business to complete a Data Protection Impact Assessment or a DPIA. For many companies, these are not optional so we will cover the details in this article.