
General Data Protection Regulation (GDPR). Does it affect your business?

GDPR and your business I.T. how will it affect you? Acacia I.T. in Tucson, Arizona

How does GDPR affect your business?

GDPR is the General Data Protection Regulation being implemented in the EU. In short, the GDPR aims to protect the “personal data” of EU citizens. This includes how the data is collected, stored, processed and destroyed. “Personal data” means information relating to an identified or identifiable natural person. Here is where it gets a bit tricky: a person can be identified from information such as name, ID number, location data or online identifier, as well as from additional factors that are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. This even includes IP addresses, cookie strings, social media posts, online contacts and mobile device IDs.

Your company is subject to the new law if it processes personal data of an individual residing in the EU when the data is accessed. So, if you sell over the internet to buyers within the EU, you will need to comply with the GDPR. If you advertise services (lodging, transportation, financial services, etc.) directly to EU countries, you will also need to comply.

This does not include general advertising on the Internet.

It applies only to targeted marketing to countries and citizens residing in the EU. If you accept EU currency, have a domain suffix for an EU country, track the behavior of EU residents, or market in the language of an EU country, then GDPR will apply to you. If you simply have an ad on Google and an EU customer responds, but none of the above apply to you, then you are not subject to GDPR.

Consequences of Non-Compliance with GDPR

There are significant fines for companies that fail to comply: in the neighborhood of 4% of the company’s global annual profit or 20 million euros, whichever is greater. Also, the window for notification of a breach is far shorter than US companies may be used to. The GDPR requires breach notification within 72 hours.

If you think you may need to comply with GDPR, give us a call and we can help get you compliant.

For the full context of the GDPR, visit here.