Hardly a day goes by without news of some consumer privacy breach in either the physical or digital realm. While a significant percentage of these events are the direct result of attacks from bad actors, there are other problems related to how companies are managing the data associated with consumers today.
On May 25, 2018, however, any company in the European Union (EU) that is not in compliance with the new General Data Protection Regulation (GDPR) is at risk of a fine of up to 20 million euros (or four percent of the company's global top-line revenue). If that does not catch the attention of the C-suite and encourage them to begin taking data privacy more seriously, it is likely that nothing ever will. The problem, according to an IDC Research survey conducted on behalf of ESET, is that 25 percent of companies admitted they were not even aware of the regulations and more than half were unsure of the potential impact. What is perhaps even worse is that 20 percent had not begun preparing for GDPR at all and 60 percent were still getting their systems in line with the new rules.
For millions of digital enterprises in the EU, now is the time to ensure they are in compliance. Every digital enterprise, regardless of location, should consider adopting more rigorous protocols when it comes to managing and processing customer data.
Companies should also notify the people affected by the breach, even before informing the data protection authority. If the 72-hour deadline is not met, companies are at risk of being saddled with significant fines (up to $10 million, or two percent of the global annual turnover, whichever is greater).