Warning: “GDPR Extortion” Could Hurt Your Business, Here’s What to Do!
By Itai Elizur
Most US-based business leaders are at least somewhat familiar with the GDPR (EU General Data Protection Regulation). Although this broad set of data regulations is designed to protect the privacy of citizens in the European Union, it will significantly affect US businesses as well. It will also likely lead to a new and costly cybercrime: “GDPR extortion.”
How will EU-based data regulations affect businesses in the US? What is GDPR extortion? How can businesses protect themselves? These are the questions I’ll address in this article.
GDPR In a Nutshell
As the most comprehensive set of data-security regulations in history (99 articles organized into 11 chapters, to be exact), the GDPR is raising eyebrows and anxieties worldwide.
That’s because capturing customer data helps businesses in all industries improve marketing, sales, customer service and many other efforts. Now, thanks to GDPR, companies have to collect data much more carefully.
GDPR gives EU citizens something that doesn’t exist in the US: the right to personal-data privacy. What kinds of regulations are included under this set of laws? Although GDPR gets quite complex, here’s a brief rundown.
An EU citizen’s right to data privacy now outweighs a business’s interest in collecting their data. Therefore, under GDPR, each EU citizen has:
- The right to choose whether or not to allow their data to be collected
- The right to see all the data that’s been collected about them
- “The right to be forgotten,” meaning their data must be de-listed by Google and other search engines upon request
- And finally – the right that gave birth to the GDPR extortion phenomenon: the right to be informed of data breaches (such as breaches resulting from hackers) within 72 hours
How Does GDPR Affect US Businesses?
Before diving into what GDPR extortion is, I must stress why US businesses are not in the clear here.
If your US-based business offers services to EU citizens or collects personal data about EU citizens, you must comply with GDPR regulations. Some of the US industries that are most likely to fall under GDPR include travel, hospitality, SaaS and ecommerce. However, any US-based business with a market in the EU should make preparations to meet the requirements.
What are the consequences for failing to meet GDPR requirements? Fines could be as high as €20 million ($22.7 million), although it’s not yet clear how such EU payments are going to be enforced in the US.
But the consequences for falling short of GDPR compliance extend far beyond debilitating fines. Companies with a large EU customer base could also face losing their good standing with a market of more than 510 million people.
With the threat of eight-figure payments on one hand and the possibility of sacrificing EU-customer trust on the other, many US businesses have no choice but to retool their data-management framework to comply with GDPR.
As if the steep consequences associated with GDPR noncompliance aren’t worrisome enough, EU and US business leaders have yet another reason to lose sleep: “GDPR extortion.”
The mad dash of executives who are …read more
Read more here: SmallBusinessTrends