Are you protecting consumer data?
Many Columbus companies ignored the European Union’s General Data Protection Regulation (GDPR) Act because they didn’t conduct business in the EU or have clients there. As we’re beginning to see, it’s best to assume you’re at risk even if you don’t have clients in those countries, as there’s a possibility one might visit your website. Now, with the California Consumer Privacy Act (CCPA) in effect, that risk just came a lot closer to home – and it’s likely that in the next few years, more states and countries will adopt data protection laws that will impact your business more directly.
What Is GDPR?
The GDPR is designed to protect “fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.” The law is applicable “irrespective of whether a payment of the data subject is required.” Basically, if someone visits your company website and you collect data about them, even for marketing purposes, and you don’t disclose that you do so and give them the opportunity to opt out, you can be fined. Even if you don’t have an office in the EU, you can be fined for processing the data of an EU citizen. You can find the full scope of the GDPR regulation here.
What Is CCPA?
The California Consumer Privacy Act is similar to the GDPR, in that it is designed to protect personal data. It grants Californians the right to know what data is collected, used, and shared; the right to delete their personal data; the ability to opt in or provide consent; and the right to non-discrimination. Right now, the CCPA only applies to businesses that have gross annual revenues in excess of $25 million, or receive and sell personal information for 50,000 or more consumers, or derive 50% or more of their annual revenues from selling personal information. You can obtain more information about CCPA here.
Is My Organization Really at Risk?
By Q4 2019, 80 companies had been assessed hefty fines – one as high as $201 million – for violating GDPR. It’s too costly to assume that you don’t need to worry about the potential risk to your business. We think every organization needs to act as if they have EU and California clients or customers and take steps to ensure compliance. It’s as necessary as remaining compliant with HIPAA or CIPA.
What Do I Need to Do to Comply with GDPR, CCPA, and Other Governance Demands?
The first step in better compliance is to understand what data your company collects. How is the data stored? Do you obtain personally identifiable information from customers? Do you process payments through your website and collect financial data? How are you securing data? Where are your backups? Are they safe? Once you’ve answered those questions, you can establish policies to govern how you store data, who has access to it, how long you keep it, and where you store it.
You Don’t Have to Do It Alone
Understanding the risks and meeting compliance requirements isn’t something you have to do alone. Many states have already introduced CCPA-like legislation; other states are considering stricter laws regarding personal data in biometrics, IoT, and credit data. Now is the time to be proactive in your effort to protect personal data. Compliance with CCPA and GDPR requires a variety of security measures, such as firewalls, network security, threat detection, vulnerability assessments, secure data storage, endpoint protection, and backup and recovery solutions. You should also be able to demonstrate that you’ve performed due diligence in protecting data, by meeting NIST standards and by providing employee training.
Outsourced IT solves a variety of problems for enterprises, from managing cloud security to assuming risk. Whether you want to outsource most or all of your infrastructure management, or if you simply want to optimize the systems already in place, thinkCSC provides personalized IT expertise that saves money and provides the manpower that ensures your infrastructure is always an asset – never a liability.
We would be happy to talk to you about how we can help you harness the power of our IT services in Columbus to ensure you meet compliance standards now and in the future. Contact us today for more information.