The GDPR Is the Biggest Thing Since Sox

To those of you who have been dealing with data governance and compliance issues since the Sarbanes-Oxley Act (SOX) appeared on the scene in 2002 – are you having flashbacks yet? Once again, we are facing new, exceedingly strict regulations coming down the pike and once again, there are serious budgetary concerns around developing a compliance architecture. Many companies, in fact, still struggle with SOX compliance for various reasons. They adopt a reactive rather than a proactive stance when issues come to light, which is, as we all know, an inefficient and costly way to do business. While SOX applies to companies in the United States, the GDPR is focused on the EU. In both cases, however, there is an increasingly high degree of international overlap as companies continue to expand their global presence. Bottom line, if you do any business whatsoever with EU citizens—even if you’re a B&B who occasionally has European visitors—you need to pay attention. One major advantage we have heading into the GDPR is that these days, technology truly is on our side. That sign you’ve been looking for? This is surely it. If you have not yet begun your digital transformation, the time is now.

What Happens if You Do Nothing?

GDPR non-compliance has serious implications that will affect companies anywhere in the world who do business in Europe, or who do business with EU citizens. It’s a complex set of requirements meant to meet today’s increasing need for data protection against mounting cyber-threats as well as unauthorized use of personal data. This also extends to your marketing analytics as well as any online activities that involve collecting traceable personal identifiers. The consequences of non-compliance are great: companies could face fines of up to €10-20M – certainly not small change. Depending on the type of breach at issue, you may also be subject to an audit, a review of your licensing, your certifications, and you could potentially face restrictions on how you collect and process data in the future. If you are caught up in such an unfortunate situation, the damage to your company and your business reputation might be irreparable.

Act Now

There are so many layers of complexity in the GDPR that even the most seasoned CISO or other executive officer might be experiencing a few sleepless nights. Because of this, equally nuanced solutions are necessary. Above all, you want to avoid having to take a reactive stance in the instance that any of your systems or transactions are under scrutiny. Even if you have an internal IT team, working with an external consultant who specializes in data protection and compliance is a good idea. Chances are, your team has their hands full with your day-to-day operations and they may not be particularly well-versed in data governance. Working with a highly specialized crew to establish your GDPR strategy will give you the peace of mind you need to move forward with confidence.

Preparing for the GDPR is a massive undertaking, but it doesn’t have to be painful. With GRSee’s proven GDPR methodologies which address data security & governance, combined with strategic policy restructuring, you can achieve compliance in far less time and for far less money than you might think. GRSee is America’s compliance specialist: schedule a free consultation today and find out how easy it is to get started.