Just as the little girl in Poltergeist stared into the TV screen of white noise and proclaimed, “they’re here,” so now comes the long-awaited regulation from Europe on data protection.
As a user, it’s great to have control back of your data.
If you’re a provider of a software platform that involves user data, it can be scary.
The General Data Protection Regulation (GDPR) is a European Union framework for giving citizens control over their data while implementing strict rules for anyone processing or hosting that data.
It went into effect on May 25, 2018.
Even if you’re a US company with business primarily in the US, it most likely will impact your business as European citizens live and work in the US.
With the recent hearings in Congress focused on Facebook and its leak of users’ data, the GDPR becomes increasingly relevant to the discussion on how one can take back control of their data.
It won’t be long before the US passes laws similar to Europe’s GDPR.
GDPR requires companies
- Make sure contracts include a clear definition of data breaches and obligations to maintain GDPR requirements
- Know the location of all personal data, including credit card, bank information, healthcare, and more.
- Define in contracts with 3rd party vendors that use such data by defining the nature and scope of their access to the data.
The fines for failure to comply are extreme. The EU has grown tired of chasing sizeable American tech firms only to find they have little money in their European bank accounts. Now, failure to comply can exact a price of 4% of the company’s GLOBAL revenue.
Everlaw provides open-source advice and tools for GDPR compliance which you can see more here:
Open-Sourcing our GDPR Compliance Preparation For Articles 30, 32, and 35
Also, here’s a free tool from Everlaw, for assessing your data processing activities as defined in the regulations of GDPR: Everlaw GDPR Documentation Template
This tool combines documentation for GDPR Article 30: Records of processing activities, Article 32: Security of processing, and Article 35: Data protection impact assessment into one workbook (including a place to document Article 15: Right of access by the data subject).
Hall T. Martin is the founder of TEN Capital and a builder of entrepreneur ecosystems by startup funding through angel networks, funding portals, syndicates, and more. Connect with him about fundraising, business growth, and emerging technologies.