As more activities are performed over the internet day by day and more personal data is stored online, the demand for protecting individuals' sensitive data also grows. The Council of the European Union focused on tightening data protection laws as a consequence of consecutive data breaches by unidentified entities and large data-handling organizations. The General Data Protection Regulation (GDPR) is the Council of the European Union's answer to these growing demands for data protection; it aims to reinforce and harmonize data protection for every person living in the European Union (EU).
So, how does this affect American businesses?
Recognizing that data travels easily across the borders of the European Union, GDPR protects EU residents regardless of region. This means that no matter where their data travels, every company anywhere in the world whose database includes personal data of EU residents is bound by the General Data Protection Regulation. It affects businesses of all sizes, from micro-level to multinational organizations, with no exemptions. To comply with the General Data Protection Regulation, American companies need to have processes in place.
The new rules of the General Data Protection Regulation became enforceable on May 25, 2018. It was sanctioned by the Council of the European Union and superseded the 1995 Data Protection Directive. The Council of the European Union provided a transition period of two years for companies to move from their existing data protection practices to practices that comply with the General Data Protection Regulation.
What does GDPR entail?
Mainly, GDPR protects users' data in every imaginable way. It restricts organizations from using or sharing the personal information of EU residents without their approval. Residents also have full authority to withdraw the approval given to an organization whenever they want. In addition, they have the right to be forgotten: a consumer from the European Union who ends his or her association with an organization can instruct the complete removal of the information they shared.
Organizations must act in accordance with the new General Data Protection Regulation, because in case of non-compliance the fines can be as high as 20 million euros or four percent of annual profit, whichever is higher. Moreover, in case of a data breach, the organization must inform the regulatory authorities of the breach within 72 hours.
Hosting companies are also required to follow appropriate security measures to protect their clients' data. This includes hosting servers remotely to avoid threats, storing the decryption key separately from the database, and practicing correct ways to encrypt and decrypt data. Moreover, the cost of web hosting may rise because hosting businesses will have to provide extra security measures.