Non-EU businesses unaware of need to be GDPR compliant

Even if you’re outside of the EU, the General Data Protection Regulation could affect your business 

May 25, 2018 marks the enforcement of the European Union’s (EU) General Data Protection Regulation (GDPR), which will have implications for organizations all over the world. But how prepared, or even aware, are organizations in non-EU countries? According to the NTT Security Risk:Value 2017 report, only 25 percent of business decision makers in the U.S. and Australia, and 29 percent in Hong Kong, believe they are subject to the GDPR.

As each country plays leapfrog to update its data laws and catch up with technology or each other’s legislation, it can be difficult to keep up, especially when it’s foreign legislation that affects your business’ activities. With today’s borderless digital world and increasingly global economy, the implications of the GDPR will reach organizations far and wide outside the EU, whether you’re ready or not.

Regardless of your location or headquarters, if you collect, transfer, or process EU citizens’ personal data, the rules of the GDPR apply to you. That’s a huge number of organizations around the world. So even if you’re an organization outside of the EU, you need to be thinking about this legislation, its implications and compliance.

The GDPR aims to harmonize varied data privacy legislation from each of the EU member states. It provides strict guidelines on the collection and processing of EU citizens’ personal data. It’s a much stronger evolution of the 1995 EU Data Protection Directive, tightening and reforming the responsibilities of data controllers and processors. 

Most significant for international organizations is the expansive jurisdiction of the GDPR, which could easily affect your organization. Those offering paid or unpaid goods and services to individuals in the EU or those monitoring the behaviour of EU citizens fall under the scope of the new legislation. Therefore, any organizations that trade with the European market or target EU citizens must comply.

It’s time for global businesses to get compliant before the GDPR is enforced in less than a year’s time. And with hard sanctions for not complying, including fines of up to EUR 20 million or 4 percent of global annual turnover and liability for damages, compliance should be at the top of your agenda. 

Our team here at Crown Records Management are GDPR experts and can help you get prepared in time. For consultation on GDPR compliance, contact your local branch or submit an inquiry today.