Whether you run an online-only business or simply accept credit card payments in your store, you rely on customer data for the success of your company. As a business owner, you know that keeping this data safe is of the utmost importance. Here’s what you need to know about data privacy, and how to stay on top of the important guidelines and laws that help keep your customers, and your business, protected.
Understanding how European laws affect you
The United States has not adopted a comprehensive federal information privacy law and instead has various state and local laws in place. But in May 2018, a European privacy regulation called the General Data Protection Regulation, or GDPR, went into effect. It applies to companies worldwide, including yours, if you do business in the EU.
The GDPR compels companies in the EU, and those that do business there, to follow its rules on how they store their customers’ and employees’ digital data. It requires that companies do the following:
- Explicitly get the consent of their customers for processing personally identifiable data, including names, email addresses, and phone numbers
- Protect the security of this personal data and keep it only as long as necessary
- Inform customers about how their data is protected and notify customers of any security breaches
Violations of the regulation can lead to steep fines. For example, a lost company mobile device that carries personal data can lead to fines of up to €20 million, according to research firm Gartner.
If your company does business in Europe, it’s essential that you comply with these company privacy laws. But even if you only operate domestically, the new regulations offer a way forward for responsibly handling the private data of your customers.
How to stay in compliance
The requirements can sound daunting, but many resources are available to help you ensure your organization is compliant.
- The official European Commission website. This site offers a simple, seven-step guide to preparing your company’s data. There’s also a helpful infographic on defining personal data and what your company needs to do if it serves European customers.
- Microsoft GDPR Guide. Take these quick self-assessments to help you determine what your business needs to do to protect digital privacy rights. The site includes an overview of data privacy protection, as well as webinars and white papers on data privacy.
- Google’s GDPR Guide. If your organization stores data using Google’s G Suite or Google Cloud tools, you’ll want to look over their guide to make sure your organization follows legislative requirements.
For companies that store private data but don’t have the expertise to make sure they’re GDPR compliant, experts suggest seeking out consultants and possibly legal representation to develop a data privacy roadmap. Make sure there is a plan to respond to any data breach and notify customers. In some cases where large amounts of personal data are stored, the GDPR requires that a Data Protection Officer (DPO) be appointed. Most importantly, have a safe way to store data at the source. Comcast Business offers cloud solutions like Carbonite Pro, which help keep stored data secure.