GDPR Tip of the Day (5/10). This is a huge one!
We're half-way through the tips of the day in the run up to GDPR coming into effect next week. So far you've learnt to be transparent, ask for consent, and that you almost certainly don't need to get your existing users to opt-in again (despite popular belief). You've also learnt that if you're a European company then you were probably already doing most of what you needed to do before the term GDPR was ever muttered. But, and here's the biggie for a lot of international companies: it doesn't stop in Europe!#
Even if your company isn't based in Europe, you still need to be GDPR compliant if you are collecting and/or processing data about European citizens. No matter where you are in the world.
That's right. You could be an American company, an Asian company, or any company around he world. If you collect or process data about European citizens then you need to be GDPR compliant. You could be an online retailer, a consultancy organisation, or any other type of company. While it is not yet completely clear how Europe will police and enforce this for international organisations, it is very much a requirement and expectation.
You have already seen European Ministers demand that Facebook's Mark Zuckerberg testifies in front of them, and that's before GDPR. Time will tell, but GDPR needs to be taken seriously, no matter where you are based. And don't forget that the fines could be up to 4% of your company's GLOBAL revenue, so international companies need to take special note.
Previous tips of the day in this series:
Day 1 of 10 tip of the day - tell them what you want to do
Day 2 of 10 tip of the day - get their consent!
Day 3 of 10 tip of the day - existing users? Delete? Opt-out?
Day 4 of 10 tip of the day - you were probably already nearly there anyway!