According to a recent Deloitte poll, nearly one in eight responding organizations are waiting to see how regulators enforce the EU’s GDPR (General Data Protection Regulation) before deciding whether to take action. The maximum penalty is 4% of an organization’s global annual revenue or €20 million (around $23 million), whichever is greater. Several organizations don’t believe the EU and its regulatory bodies will be able to collect penalties.
Comment from Deloitte
“A lot of people are sitting back and saying, 4%? That’ll never happen,” says Rich Vestuto, managing director, Deloitte Risk and Financial Advisory. “Well, what is the wake-up point, then? One percent? Half a percent? You’d still be talking about a tremendous financial penalty.”
Organizations must remember that the GDPR applies to all organizations that monitor the behavior of, or offer goods and services to, EU residents – irrespective of the organization’s location or where the data is processed.
Failing to comply can cause both financial and reputational damage. Don’t wait – start today.
IT Governance USA is the one-stop shop to help organizations with compliance.
Our Certified EU GDPR Foundation Training Course, offered in Boston, New York, San Francisco, and Los Angeles, provides a comprehensive introduction to the GDPR, and a practical understanding of the implications and legal requirements for U.S. organizations in just one day.
We are also running a free webinar series to help North American organizations achieve compliance. Questions will be taken at the end of each presentation.
Register now for the kickoff webinar ‘Do I need to comply with the GDPR? What North American organizations need to know about data privacy,’ scheduled for Tuesday, October 9, 2018, 1:00 – 2:00 pm EDT.
The webinar will cover:
- Updates to U.S. laws and how they compare to the GDPR
- Whether North American organizations need an EU representative
- Whether the Privacy Shield provides enough cover
- What the Privacy Shield means for organizations