Marketers and data services providers in the United States are preparing for the upcoming European Union data protection regulation and its potential impact on US businesses in their use and processing of EU personal data.
The General Data Protection Regulation (GDPR) takes effect on May 25, 2018, and will regulate control and processing of EU consumer personal data in and outside of the European Union. If your company offers goods or services to, or monitors the activities of, EU consumers, it may be directly regulated by the GDPR and have to comply with its requirements. Failure to comply subject to fines of up to 4% of annual worldwide revenue.
The GDPR includes new rights for EU consumers, strengthening their control over use of their personal data, creating a new right to be forgotten, and providing transparency for the use and distribution of their personal data. Controllers (or companies that determine the purposes and means of processing EU personal data) have new accountability, security, and breach notification requirements, and must enter into specific obligations with any processors of their EU personal data.
Data services providers like Experian have been preparing for GDPR by assessing their internal operations to review their intake, use, and processing of data to ensure they can comply with GDPR’s requirements. At Experian, we are taking the additional step of a rigorous self-assessment process to certify that we meet all Privacy Shield certification requirements before May 25. We do this so our clients can be confident in using Experian services that their EU personal data will be processed in compliance with GDPR.
For additional information on this topic, we encourage you to review the Data and Marketing Association (The DMA) industry guidance at https://thedma.org/resources/compliance-resources/gdpr-compliance/12-tips-marketers-prepare-gdpr-compliance/.
Of course, you will want to work with your attorneys and compliance team to confirm what your obligations may be with respect to the GDPR.