Preparing for GDPR

GDPR (2016/679) stands for the General Data Protection Regulation takes effect on May 25th.  This represents the most significant change in how organizations handle data on European Union citizens in nearly a decade.

The regulation was passed on April 27, 2016 but has not gotten much business media attention until the last six months or so, not even the tech media says much.  There also continues to be a lot of confusion surrounding this regulation.  One such area is that many believe this is a technical regulation, it is not.  There are technical requirements in there, but it effects all departments of an organization.  The other area of confusion is that this is being ignored if businesses do not operate inside of an EU member nation.

The regulation specifies that if you conduct business and retain information on any citizen of an EU member nation, you are subject to the regulation.  For example, if you are a school that has a student who is a citizen of an EU nation, you are required to meet the guidelines.  If you are a medical facility and you have a patient form the EU, you also have to meet the requirement.  If you are a training center and have students form there, you have to meet the regulation.

GDPR has stiff penalties for not being in compliance.  The penalties are 4% of global revenues or €20 Million, whichever is greater. Not 4% of EU revenues, global.

JSCM Group has been in compliance with they regulation since summer of 2017 and we are building in processes to ensure everything we do going forward continues to meet this requirement.

If you have questions or concerns on this regulation, or need guidance on compliance, please contact us to setup a private call on how we can bets help.