The GDPR is one of the toughest security and privacy laws. Drafted and passed by the EU, it imposes obligations on organizations anywhere in the world, as long as they collect data relating to people in the EU. If you’re running an eCommerce web store catering to the EU or are a business operating in the EU, you need to be aware of this new privacy law and its implications for your business.
As a NetSuite Solution Provider, we are committed to helping our customers comply with the GDPR, through our partnership with NetSuite and Oracle. We help clients develop industry-standard practices and policies tailored to their specific business model.
The General Data Protection Regulation (GDPR) is an update to the EU’s existing data protection laws. It expands the privacy rights of EU citizens (in light of technology developments) and imposes new rules on companies, government agencies, non-profit organizations and any other organization around the world that offers products/services to EU citizens or collects or uses their personal data. Any company that fails to achieve GDPR compliance will be subject to heavy penalties and fines.
The purpose of the GDPR is to give EU citizens more rights and better privacy protection for their personal data. Any company that collects or stores its customers’ or visitors’ personal data must therefore comply with the requirements introduced by the GDPR. Some of the key ones include:
The GDPR expands the rights of EU citizens and gives them better control and ownership of their personal data. It also gives them the right to have their data deleted or restricted, and the right to data portability.
For companies operating in multiple EU states, the GDPR mandates the appointment of a data protection officer to oversee their GDPR compliance. It also requires such companies to work with a supervisory authority in order to resolve any cross-border data protection issues that may come up.
The GDPR requires companies to implement appropriate data privacy policies and security controls, in order to prevent the loss, leakage or unauthorized use of personal data. All companies collecting or handling personal data must document and maintain records of their security practices, conduct regular assessments/audits of their data security systems, and take corrective measures if any lapses are discovered in those audits.
The GDPR also requires companies to report any data breach to regulators within 72 hours of learning about it. Along with this notification, they must provide full details about the nature of the breach and the number of individuals affected. The company must also notify the affected individuals as quickly as possible, so they can take remedial action.
The GDPR introduces increased fines and penalties for non-compliance with data protection laws, as compared to the previous Data Protection Directive. The fines are determined based on the circumstances of each case. Under the GDPR, the supervisory authority can fine organizations up to 2% or 4% of their annual global revenue, or €10 million to €20 million, whichever is greater. The supervisory authority can also direct companies to take certain corrective measures to improve their data security systems and processes, order them to remove certain data, or even forbid them from transferring any personal data in their possession to other systems or countries.
Due to our partnership with Oracle NetSuite and our experience with the NetSuite platform, its APIs and the underlying data structure (thanks to our broad portfolio of NetSuite customizations and data connectors), we’ve developed a strategy to help our customers comply with the GDPR.
© 2020, Folio3 Software Inc. All rights reserved.