1. What is GDPR?
The GDPR is a regulation in European Union law on data protection and privacy applicable to all European Union (EU) citizens. All organisations are expected to comply with GDPR by 25 May 2018. The GDPR aims to give residents/individuals control over their personal data by unifying and harmonising data-protection regulations under strict compliance requirements. The fines for not complying with the regulation can be either 4% of annual global turnover or €20 million, whichever is higher.
2. How does it impact a small business with no presence in Europe?
Even if the organisation does not have a direct presence in the EU, if it does business through its distribution channels and collects, stores or processes PI or PII of EU citizens, then it comes under the purview of GDPR compliance. This information is used for various purposes such as accounting, auditing, sales and marketing. For example, a hospital specialising in cancer treatment situated in the south of India that has EU patients has to be GDPR compliant.
3. I don't have any European customers and no operations in the country, should I still worry about GDPR?
Yes, if any process or channel/distribution partner in your business operations ecosystem collects, stores or processes PI or PII of EU citizens. For example: cloud service providers, the hotel industry, payment service providers.
4. Is sending customers GDPR-compliant terms enough?
No, it is not. Depending on the service or product used by the end customer, the organisation needs to ensure that appropriate consent is taken from its customers through the respective distribution channels. The organisation also needs to ensure that it receives a notification when a customer revokes consent, so that all PI and PII are erased. This unifies the customer journey for giving and revoking consent.
5. I haven't heard any issues related to GDPR so far. Is it not enforceable outside of Europe?
The EU cannot enforce GDPR in the USA; GDPR is developed specifically for the EU. Businesses that fall under the purview of the GDPR and do not comply will be blacklisted or will not be allowed to do business in the EU. Businesses in India have already started evaluating the impact of GDPR on them. Those who fall under its purview have already begun their GDPR compliance journey, and those who have not are gearing up for compliance.