By Katy Spence
Montana World Trade Center (MWTC) continues to be a resource for companies seeking to learn more about the European Union’s (EU) General Data Protection Regulation (GDPR). On November 27, more than a dozen company representatives met at or tuned into a TechEx presentation about GDPR six months after its adoption.
TechEx aims to connect Montana businesses in industries such as cloud computing, photonics, and bioscience with insights from international trade and technical law experts. This is the second session MWTC has hosted about GDPR, building upon its introductory session in May.
Isabelle Roccia, Senior Policy Advisor with the U.S. Mission to the EU, skyped in from Brussels, Belgium, to give attendees a high-level view of why the EU enacted GDPR and where enforcement of the regulations is today.
GDPR was proposed in 2012 as a replacement for the 1995 Data Protection Directive. After four years of negotiation, the new regulations were adopted in 2016. As of May 25, 2018, any company that processes the data of EU citizens is subject to GDPR. Roccia pointed out that companies who simply target EU audiences may also be subject to the new regulations.
Under the new regulations, individuals have more control over their personal data. Among other rights, EU citizens have the right to erasure, or the right to be forgotten. In other words, under certain circumstances, companies must be able to remove someone’s personal data from their systems within four weeks of a request to do so.
Failure to comply with these or other requests could result in fines up to four percent of a company’s annual revenue or €20 million ($25.5 million), whichever is greater.
Roccia said no fines have been enforced during the first six months of GDPR’s implementation, though several complaints have been brought forward and warnings given. It’s anticipated that fines will begin to be enforced before the end of 2018.
The full reach and implications of GDPR are still unknown, Roccia said, and it’s also unknown how Brexit will affect or be affected by GDPR.
“I can’t just hand you something that looks like a menu and you go through it,” Henry said.
The best approach, Henry said, is to examine how your company uses and shares data at every level: Look at what data is collected, where it goes, and who has access, to start with.
Thinking through every step of the process is vital, especially for smaller companies who could be shuttered under such steep fines. Henry said legal consult may not be as cost prohibitive as it may seem.
“I’ve helped people to get compliant for less than $1,000,” Henry said. “And on the other hand, I have a big client who does millions of dollars of business every single month. And obviously, that costs them more.”
Henry reiterated Roccia’s point that GDPR enforcers are still working through the process of enforcement and added that this may result in more time for companies to become compliant. However, he urged attendees to act sooner rather than later.
“It’s one of these things where you shouldn’t lie awake at night thinking you’re going to get a fine, but it’s also not something you can sleep through until someone knocks at your door,” Henry said. “I think you’re somewhere in between.”
MWTC recorded a video of the events and is making the recording and presentation materials available for a fee to those who want to learn more. There is a 10% discount for Alliance members. For more information, email firstname.lastname@example.org or call 406.243.6982.
About the Author: Katy Spence is the Communications Director for the Montana High Tech Business Alliance. She worked previously with the Missoula Current and Treesource, and has an Environmental Journalism Master’s Degree from the University of Montana.
About the Publisher: Launched in 2014, the Montana High Tech Business Alliance is an nonpartisan nonprofit association of more than 350 high tech and manufacturing companies and affiliates creating high-paying jobs in Montana. For more information, visit MTHighTech.org or subscribe to our biweekly newsletter.