The GDPR is one of the toughest security and privacy laws in force today. Drafted and passed by the EU, it imposes obligations on organizations anywhere in the world, as long as they collect or process personal data relating to people in the EU. If you run an eCommerce web store that serves EU customers, or you operate a business in the EU, you need to be aware of this privacy law and its implications for your business.
As a NetSuite Solution Provider, we are committed to helping our customers comply with the GDPR, through our partnership with NetSuite and Oracle. We help clients develop industry-standard practices and policies tailored to their specific business model.
The General Data Protection Regulation, or GDPR, is essentially an update to the EU's existing data protection rules. It expands the privacy rights of individuals in the EU (in light of technological developments) and imposes new obligations on companies, government agencies, non-profit organizations and any other organization around the world that offers products or services to people in the EU or collects or uses their personal data. Any organization that fails to achieve GDPR compliance is exposed to heavy penalties and fines.
The purpose of the GDPR is to give individuals in the EU more rights over their personal data and better protection for it. Any company that collects its customers' or visitors' personal data, or stores it anywhere, must comply with the requirements introduced by the GDPR. Some of the key ones include:
The GDPR introduces substantially higher fines and penalties for non-compliance than the previous Data Protection Directive. Fines are determined according to the circumstances of each case and come in two tiers: up to €10 million or 2% of the organization's worldwide annual turnover for the preceding financial year, whichever is higher, for less severe infringements; and up to €20 million or 4% of worldwide annual turnover, whichever is higher, for the most serious ones (such as violating the basic principles of processing or the rights of data subjects). Beyond fines, a supervisory authority can order an organization to take specific corrective actions to bring its data security systems and processes into compliance, order it to erase certain personal data, impose a temporary or permanent ban on processing, or suspend transfers of personal data in its possession to other systems or to recipients in other countries.