What is the GDPR?
The General Data Protection Regulation (GDPR) is a new EU privacy regulation that applies from May 25, 2018. It introduces sweeping changes to European privacy rules and comes with stiff penalties for companies that don't comply.
Who does the GDPR apply to?
Any business that processes personal data (roughly the equivalent of Personally Identifiable Information, PII, though the GDPR defines it more broadly) is required to
Any US company that targets customers in the EU and collects personal data from them there will have to become compliant, with a small handful of exceptions.
What penalties do I have for not being GDPR compliant?
Penalties for non-compliance with several of the GDPR's provisions can be as much as 10 million euros, or 2% of WORLDWIDE annual revenue, whichever is higher, and that is just the lower tier of penalties; the upper tier doubles both figures to 20 million euros or 4% of worldwide annual revenue.
What do I have to do to become GDPR compliant?
Look at the types of data you have stored. Are you currently storing and/or tracking information about European clients based in Europe? Then you will likely need to adhere to the GDPR rules. Consent for submissions of information will also need to be explicit and clear: any form of data submission will need unambiguous collection disclaimers, as well as clear communication (email, text, messaging, etc.) and opt-out/unsubscribe functions. That is just the superficial level. Underneath sits a whole suite of requirements, comparable to PCI DSS or HIPAA, that will have to be documented, adjusted, monitored, and reported, for example keeping records of your processing activities, honouring access and erasure requests from data subjects, and reporting data breaches to the supervisory authority within 72 hours of becoming aware of them.
What can I do about GDPR compliance?
If your business has a significant web presence in Europe, or specifically targets European customers, having Immersion Security perform a security audit is a good way to assess your existing privacy and security infrastructure and to come up with a plan to remediate gaps, adjust your processes, and maintain your company's security over time. Contact us today to see how we can help you!