To Comply or Not to Comply, That Is The GDPR Question For Multinational Companies
Complying with all the requirements tied to the official May 25, 2018 General Data Protection Regulation (GDPR) enforcement deadline probably seems overwhelming and highly expensive for businesses around the world, multinational corporations certainly included.
Education, preparation and implementation surrounding the GDPR compound the regularly scheduled workload of a multinational enterprise’s IT team, just as they do for a small business.
However, in the end, there really is only one choice: full GDPR compliance.
Well, of course, you could ignore the international regulation, but you would do so at the risk of shelling out €20 million—or just over $24.5 million in U.S. dollars—in fines, along with some other potentially crushing penalties.
All in all, any investment you make in shoring up your data protection, according to GDPR requirements, is well worth it.
What Types of Companies Must Comply with The GDPR?
Essentially, any company that does business, or plans to do business, with residents living in one of the countries within the European Union (EU)—wherein they will handle those residents’ data—must comply with the requirements of the GDPR.
Approved by the EU Parliament in April 2016, the GDPR sets out to level the playing field for companies of all sizes performing transactions with EU citizens, so that they thoroughly and properly shepherd their valued clients’ data.
The GDPR is applicable to any processing and all data that originates within the EU, regardless of what type of company is doing the data processing, handling, storage or transferring. GDPR Informer crystallizes the scope of the GDPR with the following statement:
“The scope of the GDPR, in other words, is borderless. It is the origin of the data that matters, not the domicile of processors.”
The only way to opt out of GDPR compliance, or fines due to non-compliance, is to eliminate European customers and users from your potential market. In our global economy, where so many businesses, especially multinational enterprises, rely on e-commerce and overseas sales for a healthy profit, eliminating 28 countries chock full of potential consumers who need certain products or services seems like a self-defeating option.
Why Do Multinationals Need to Care About GDPR Compliance?
Non-EU affiliates associated with a multinational business need to care about GDPR because they, most likely, have customers residing in an EU country. If the EU consumer data that multinationals collect during transactions is accessible from one central system to affiliates around the world, it is imperative that these companies understand how the data flows to ensure that cross-border data transfers comply with the GDPR requirements.
Another highly important reason to make GDPR compliance a priority is that non-compliance leaves multinationals subject to substantial administrative fines that designated data protection authorities (DPAs) are given authority to impose if they find cause.
The penalties for GDPR non-compliance are four percent of the company’s worldwide gross annual revenue or €20 million. Such penalties are applicable even if the responsible entity is merely a subsidiary with only a few employees, making it essential that multinationals make sure that any subsidiaries are on board, as well.
Additionally, DPAs hold the power to bar or ban data transfers from the EU to the U.S. parent corporation if they discover a non-compliance issue.
Are You Still Trying to Determine Your Multinational Status and Whether You Need To Prepare For The GDPR?
If you have holdings anyplace in one of the EU member states, your multinational business is subject to full compliance. At I.S. Partners, LLC., we know there is so much to consider regarding the GDPR. We can help you become more familiar with all the details and understand why it is so important that you become and stay compliant, without fail.
Many of our clients are just starting to grasp the breadth, depth and overall scope of this regulation and how it affects their business, and we are here and happy to help everyone get up to speed in plenty of time for the May 25, 2018 enforcement deadline.