The Washington My Health, My Data Act (WMHMDA)
All that talk about the General Data Protection Regulation (GDPR) has fuelled the business world’s scramble to update its privacy policies.
But despite the hype and horror stories about noncompliance, not all businesses need to be GDPR ready. For a business owner, this probably comes as a relief, as meeting the requirements laid out by the GDPR demands a considerable amount of time, money and effort!
Before you commit to overhauling your current practices and beaming out new privacy notices, here’s what you should know about the GDPR, whether it applies to you, and the risks of noncompliance.
Because the GDPR was developed specifically to protect people within the European Union (EU) and the European Economic Area (EEA), the laws could impact any business that engages with individuals or other businesses located within those boundaries.
Your business might not need to comply with the GDPR if:
While the GDPR makes online business and digital marketing more complicated, it’s important to appreciate why the laws were created. Currently, there is no global standard for data protection. Different regions, countries and states are subject to different laws with varying degrees of enforcement.
To provide a more cohesive and effective framework to safeguard people’s privacy, the new GDPR laws were created and came into effect in 2018. Besides mandating full compliance throughout the EU and EEA, the GDPR gives people more control over their personal data than ever before and is already inspiring new legislation around the world.
Depending on your level of infringement (and other criteria), a fine can range from €10 million to €20 million, or from 2% to 4% of your annual revenue from the previous financial year.
Besides the financial penalty, you may also be putting your customers’ privacy, and their trust in you, at risk. Each new report of a data breach and privacy violation contributes to the growing groundswell of consumer concerns. To stand apart as worthy and credible brands, businesses would do well to align with the GDPR’s move towards trust and transparency.