In a digital world where even small businesses exist in the global marketplace, breaching international regulations can lead to costly consequences. One regulation you need to know about if you do even the most minimal amount of business with anyone in the European Union is the General Data Protection Regulation (GDPR).
Effective since May 25, 2018, the GDPR has had a major impact on how businesses, nonprofits and institutions must protect personal data coming out of the EU.
Carla Stone, president of World Trade Center Delaware, says that the vast majority of Delaware companies are responsible to comply with the GPDR, whether they know it or not.
“If you collect any data online, you’re responsible,” she told Technical.ly.
That could mean having an app in the app store, ecommerce on your website or even a newsletter signup.
And just because you think your only customers will be local doesn’t mean you’ll get a pass and that you don’t have to comply if a person from the EU comes to your site or app and gives you their data.
Compliance involves using opt-ins for data usage, data security and expunging data after a certain amount of time.
“While those U.S. companies with direct business in the EU already are taking steps to comply with the new GDPR, the regulation is so sweeping that many companies not expected to be subject to EU regulations are, in fact, caught in the net,” Stone said.
“Even small organizations or those that deal with very small amounts of data originating in the EU must evaluate if they are subject to the regulation,” she said, “and, if so, take action to comply — fines for noncompliance can be the greater of either €20,000,000 or 4% of the total worldwide annual revenues from the preceding financial year.”
Worried you might not be compliant? On Tuesday, Sept. 17, the Delaware Society of Certified Public Accountants, in partnership with World Trade Center Delaware, will host a class at the University & Whist Club in Wilmington called “GDPR — What You Don’t Know Can Cost You.”
Instructed by Bonnie Adler, William Denny, Austin Morris, Jr. and Reginald Ezeh, the four-hour class is designed for any company that handles — or may at some point handle — personal data from the EU.
The cost for the class, which runs from 8 p.m. to midnight, is $150.
P.S. On a separate but related note: Here’s what that new California Consumer Privacy Law means for your company, too.
Before you go...
To keep our site paywall-free, we’re launching a campaign to raise $25,000 by the end of the year. We believe information about entrepreneurs and tech should be accessible to everyone and your support helps make that happen, because journalism costs money.
Can we count on you? Your contribution to the Technical.ly Journalism Fund is tax-deductible.
Join our growing Slack community
Join 5,000 tech professionals and entrepreneurs in our community Slack today!