Not yet GDPR compliant? Here’s how to minimize your organization’s risk

On May 25, after a two-year transition period, a strict new regulation designed to protect personal data used for business purposes in the EU — the General Data Protection Regulation (GDPR) — will become effective.

As many of those impacted know, this will have significant implications for organizations worldwide (including potentially hefty fines for noncompliance), regardless of whether they operate in the EU. That’s because the GDPR’s scope is extraterritorial, and requires any organization in any location to adhere to specific rules when processing (i.e., collecting, using, storing, sharing, or deleting) any personal data related to any EU activities. Or, put another way, even if a company isn’t based in the EU and has no operations there, it must still comply with the GDPR if it receives and processes data from an EU-based customer.

But are organizations ready for this potentially onerous new requirement?

Yes and no, says Greg Albertyn, an information privacy and security compliance expert with Riebeeck Associates. Albertyn, who is working with a number of U.S. and EU clients on GDPR compliance, says the question, which is common, supposes a clear line between compliance and noncompliance, which isn’t always the case.

Call msi for more information on how we are keeping PII safe.