What is GDPR?
McGinnis said this new European Union regulation updates the EU Data Directive of 1995, which regulated how Europeans’ personal data are processed. “A lot has changed with technology and the internet since 1995,” he said.
The GDPR specifies how Europeans’ personal information can be collected, stored, disclosed and used. The law is designed to provide citizens greater protection and control over their data.
Does the GDPR Apply to Me?
Although the GDPR only regulates how Europeans’ personal data are processed, it affects how organizations worldwide operate. That’s because it applies to any company that controls or processes EU residents’ personal data. The EU GDPR Compliant website defines these terms.
McGinnis said the GDPR affects most ATA-member companies. “The nature of business today is that people are generally open for business, and take orders from all over the place, and market all over the place,” he said. “Therefore, GDPR applies to a lot more companies than you’d initially think.”
Becoming Compliant
McGinnis recommends all companies conduct an analysis and ask, “Does GDPR apply to us?” If so, they likely must make changes to comply. He suggests business owners learn and understand what personal data are coming into their company, and how they’re collected, stored and used.
Once they realize what information their company has, they can rethink how they collect, store and use that information. They must also decide how to manage information, improve those processes, and make changes to comply with the GDPR.
By complying, they’ll address another big issue for companies: data breaches. Better data collection and storage processes help companies respond and react to a breach, McGinnis said.