EU General Data Protection Regulation (GDPR) policy
The GDPR is designed to protect the personal data of all EU citizens and will be enforced on any organization, regardless of location, that collects and/or processes personal data. Failing to comply with the GDPR could be a costly, and potentially devastating, mistake. This policy will help ensure compliance before the law takes effect on May 25, 2018.
From the policy:
The EU General Data Protection Regulation (GDPR) is a comprehensive set of rules designed to keep the personal data of all EU citizens collected by any organization, enterprise, or business safe from unauthorized access or use. The GDPR will go into effect on May 25, 2018, and the provisions in the law will greatly affect the manner in which every business transaction involving EU citizens is conducted from that point forward.
Provisions in the GDPR grant the EU the authority to enforce the regulations across international borders. That means a small 20-person company located in Texas that collects personal data from a customer residing in Paris in order to sell and ship a cowboy hat will be subject to the security provisions of the GDPR—and more important, will be liable for any penalties imposed for not following those provisions. There are no exemptions for size, scope, location, or first offenses. Fail to meet the provisions of GDPR and you will incur penalties.
Organizations that ignore the GDPR are opening themselves up to uncertain liability, substantial risk, and potential financial hardship. The gravity of the GDPR calls for a prudent course of action, including establishing procedures, protocols, and policies that address and meet the requirements of the law. This EU General Data Protection Regulation (GDPR) Policy will give you a head start on building guidelines that fit your company’s circumstances.