If you own or work for a company of any stripe, chances are you’ve spent a solid chunk of 2018 dealing with GDPR. For those of you who were perhaps living under a rock and want to know, “what is GDPR?”, here’s the run-down.
The General Data Protection Regulation is a European Union directive which completely changed how businesses and bodies can handle customer data. Explicit consent must be given from a user before you can store or use their data in any way.
There are also limits to what can be stored, as well as a raft of new requirements for keeping that data secure. Customers also have greatly enhanced rights over their data.
If they ask you to delete or alter data pertaining to them, you have no choice but to do it. Did we also mention that failure to comply results in a $10 million fine (or up to 4% of revenues – whichever is higher)?
Despite it being an EU directive, GDPR US compliance is pretty much mandatory, since virtually all business will deal with EU citizens in some way. While you may know about compliance, you may be less clued-up on how these rules affect your IT systems.
Here’s how GDPR for US companies will affect your IT systems.
GDPR for US Companies: A Complaint ERP System
Enhanced data management software is the core of these new data protection laws.
The new requirements, which involve much more advanced managed, storage, and protection of data, mean that a legacy ERP system just won’t cut it.
You’ll need to significantly upgrade your ERP if you want to stand a chance of staying compliant. You can do this by upgrading to the latest suite, which you can do here: https://tomerlin-erp.com/epicor-upgrade/
Much Stronger IT Security is Necessary
The rules for GDPR compliance mostly concern data protection. You’ll be required to ensure airtight security for all of your EU customer’s data.
This means that standard IT security will not likely be sufficient. You’ll need to check out the security requirements and scan your system to see if it matches up.
There listed protection requirements for EU users are much, much more extensive than those for US users.
If your IT system security can’t guarantee protection from breaches or leaks, then you run the risk of an 8-figure fine.
Improved Access to Your IT Systems
GDPR is just as much about transparency as it is about protection. Users have the right to see exactly how you are using their data, as well as how any affiliates are using that data.
EU users also reserve the “right to be forgotten”. This means they should be able to easily have any and all data pertaining to them removed if they want. To stay compliant, you’ll have to make sure your IT systems allow for this kind of transparency and access. No-one said GDPR was going to be easy.
To learn more about how your IT systems can keep up with the requirements for GDPR for US companies or any other business advice you’ll need, make sure to follow our business hacks page for all the tips you’ll ever need.