For example, a hospital will store different information than a retail organization, and a retail organization will store different information than an online marketplace. The U.S. holds certain privacy protection acts and standards as implemented by HIPAA, PCI DSS, and other smaller bits of privacy. However, the GDPR keeps the issue of privacy extremely simple. It doesn’t matter if the data is regarding credit information, healthcare records, or simply an online social profile – it is all protected the same. Of the respondents polled in the GDPR survey, nearly half (48.5 percent) with knowledge of the GDPR said that the requirement they anticipated being the most challenging was maintaining records of processing followed by 39.7 percent that said consent would be the most challenging.
Supported by data collected from the U.S. Small Business Administration (SBA), the GDPR may certainly pose direct risks to U.S. businesses. According to the SBA, 98 percent of businesses export goods internationally, putting them within the jurisdiction of the GDPR. The first steps any company must consider to mitigate their exposure to fines or risk include understanding the regulations and how data is used within the organization. Once risk and priorities have been identified, it is critical for organizations to identify and establish their lawful basis for processing of personal data. Using the trusted counsel of a compliance firm can help organizations to quickly identify both industry and organizational risk that, as a non-biased third party, are often otherwise overlooked. A risk management and compliance consulting firm can help organizations quickly identify risk, formulate a plan to mitigate this risk and set up ongoing monitoring programs to maintain valuable records of compliance.
To adequately become compliant with the GDPR and similar regulations, businesses must become educated on these regulations and determine how to conquer the requirements. Applicable data protection processes and procedures can help minimize exposure to fines, but also provide an opportunity within the market to reassure customers and earn their trust.
About the Author: Greg Sparrow is the SVP/GM of CompliancePoint. He has enjoyed over 17 years of experience in privacy, information security, and risk management. Sparrow has worked on both U.S.-based and international projects. He was responsible for the development and implementation of the security program’s responsibility for protecting billions of dollars in annual transaction volume. His most recent work includes security and certification work for Samsung Pay, enterprise risk management for multiple NFL and MLB sports teams, and helping to secure critical infrastructure at some of the nation’s largest transit hubs.
Back to HCB News
