By Arielle Mullen
Unlike American regulations, which generally favor business over the consumer, the EU has always operated from a consumer-first position. Hoping to set a global precedent, the EU has attached an aggressive financial penalty as punishment for any business found to be noncompliant with the new standards. These fines (4% of the company's total global revenue) could easily mean financial ruin for businesses of any size.
As consumer data is not necessarily restricted by borders, American businesses maintaining a database in which any of their users are EU citizens are now faced with two options:
- Block all EU users
- Implement measures to ensure compliance
If the latter option is selected, companies must adhere to many stringent new standards, including:
- Privacy policies must be in easy-to-understand language with explanations of how data will be used
- Obtain consent to process consumer data
- Allow users to access their data at any time
- If data is breached, consumers must be informed
- Extra safeguards must be used for any sensitive data
If you feel your business is subject to the GDPR, we suggest reviewing the full list of restrictions.