The GDPR will change the way the personal data of European Union citizens will be handled.
However, it will not be limited to companies located in the EU. It will have repercussions for any company that handles or stores personal information about EU citizens, even if the company has no physical presence in Europe. So basically, if a company does not have a presence in the EU but processes the data of EU citizens, it can be held liable for noncompliance with the new regulation.
Companies are demanding more clarification from the governing body
This change will challenge companies as they put in place systems to comply with the act. However, the regulation leaves much open to interpretation: it states that companies must provide a ‘reasonable’ level of protection for personal data, but it does not define exactly what ‘reasonable’ means.
This gives the GDPR governing body a lot of self-determination when it comes to assessing the penalties for breaches and noncompliance.
This lack of clarity around the term ‘reasonable’, combined with the freedom of the governing body to penalize and fine noncompliance as it sees fit, is causing a lot of concern for companies. They will have to wait and see how regulators assess penalties during the initial period after the regulation comes into force.
This is not the only concern
At the moment it is estimated that over 50% of companies believe they will be fined under the new regulation, and it is estimated that within the first year the EU could collect well over 6 billion USD in fines.
Breaching the regulations has serious penalties
If companies are found to be in breach or noncompliant, they can be heavily fined. These fines can be up to 20 million Euros or 4% of the company’s global turnover, whichever is higher.
The waiting game
As the regulation will not come into force until the 25th of May 2018, companies will have to take the advised steps and then wait to see whether those steps were sufficient. However, taking these recommended steps is a very costly matter. It is anticipated that the majority of US companies will spend between 1 and 10 million USD to comply with the requirements of the regulation. Some larger companies are projected to spend over 10 million USD.