The European Union (EU) has been preparing for the implementation of the Global Data Protection Regulation (GDPR). Most US-based companies are not aware of these broad-ranging regulations, which are intended to give individuals protection over the storage and use of their personal information. As a hosting company, I-BN is keeping abreast of GDPR, as it imposes strict rules on those hosting and 'processing' this data anywhere in the world. However, this does not just impact us as a data processor; you should be aware of and comply with the regulations if:
- You have a physical presence in the EU
- You sell goods to the EU
- Your organization processes the personal data of EU citizens, whether they be customers, suppliers, employees or end users
The rules basically state that the individual should have control over their own personal information, and accordingly state that:
- You must have permission to store the individual’s personal information
- You can’t transfer or sell the information to others without their permission
- The individual is entitled to see any personal data you have gathered
- The individual can ask you to correct errors or delete their personal information
The GDPR was approved and adopted by the EU Parliament in April 2016, and is undoubtedly the most important change in data regulation in 20 years. If you think I’m joking, look at the non-compliance fines of up to 4% of an enterprise's annual global turnover or €20 million, whichever is greater. This is the maximum fine that can be imposed, with a tiered approach to fines for other infringements. These regulations will be enforced beginning May 25, 2018.
SAP has developed a very good and short Overview of GDPR that can help you understand the concepts and how they may apply to your business if you meet one of the three criteria above. In addition, the upcoming release of SAP Business One 9.3 (starting with PL04) will include specific tools for compliance as shown in this graphic:
For more detailed information, visit https://www.eugdpr.org/. You can also contact I-BN for information on how we are preparing ourselves and our customers for GDPR.