Companies that do business in the European Union over the Internet will be required to meet requirements specified by the new General Data Protection Regulation (GDPR), which goes into effect Friday, May 25, 2018. The data privacy law is meant to protect the personal data of people within the EU no matter where in the world their data travels. The protection of personal data is considered a fundamental right by the EU. The regulation applies not only to companies established in the EU but also to companies outside the EU that offer goods or services to people in the EU or monitor their behavior, so holding EU customers' data in a database, wherever that database sits, is enough to bring a company within its scope. GDPR compliance entails providing EU-based customers with control over their data, including ways to monitor, check, correct and delete the personal data a company has collected about them.
The regulation was adopted in April 2016. Starting May 25, companies that fall under the regulation, including U.S.-based auto glass companies, will need a lawful basis for storing and processing customers' personal data. Consent is the basis most companies will rely on, and when they do, the consent must be given freely for a specific, clearly explained use and can be withdrawn at any time.
According to the regulation, “The principle of transparency requires that any information and communication relating to the processing of those personal data be easily accessible and easy to understand, and that clear and plain language be used.”
The regulation also offers consumer protection in case of a personal data breach.
The GDPR requires a company that suffers a personal data breach to notify the relevant supervisory authority without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach, unless the company can demonstrate that the breach is unlikely to put the rights and freedoms of the affected individuals at risk. Where the breach is likely to result in a high risk to those individuals, the company must also inform them directly.
Companies that do not comply with the GDPR could face a high fine.
“Infringements of the following provisions shall…be subject to administrative fines up to [$23.6 million] (EUR 20 million), or in the case of an undertaking, up to 4 percent of the total worldwide annual turnover of the preceding financial year, whichever is higher,” reads the regulation.