
American firms need to be aware of GDPR guidelines.

Byline: Special to The Daily Record

A recent $57 million fine of Google for alleged violations of personalized data is the best reason yet for U.S. organizations to finally pay attention to the EU's new General Data Protection Regulation (GDPR), according to Rick Arthur, chief information technology and security officer at Hartman Executive Advisors in Timonium.

The hefty Google fine was levied by the French government's data protection authority for Google's alleged lack of transparency and for not fully validating consent for the personalization of its ads.

Since the GDPR took effect in May last year, such fines can be levied by any EU nation's appropriate data authority. Google's fine was the largest yet.

Arthur said Hartman business advisors "spend a lot of time with people to help them understand their responsibilities under the GDPR because there are very real consequences for failing to comply."

He explained that GDPR applies to any organization doing business with European countries or their citizens, whether a nonprofit, professional services, marketing or manufacturing firm, if it collects identifying information about European citizens.

Small businesses in America "are not dealing with the specter of GDPR" and a certain new wave of future legislation on personal data protection, said Marketing Director Tara Newman of RapidFire Tools, Inc.

The Atlanta-based tech firm sells a software tool that enables IT service providers to help clients plan around GDPR. Newman said that, as small companies lag behind, "we do see some traction from large companies, especially from a perception standpoint."

While organizations are spending millions and enlisting experts to comply, "GDPR compliance penalties are starting to hit," wrote Michael Mittel, RapidFire's CEO, in the trade organization's "CMS Wire" on Feb. 14. Citing several penalty cases in Europe so far, Mittel observed, "GDPR is starting to live up to its reputation of being a fearless defender of customer data and privacy rights."

Newman said, "Michael's article shows that having that sort of pro-activity and (therefore) being able to prove their best efforts to show they are doing something, has been incredibly beneficial to those who have been fined and were able to show that, yeah, we are doing everything we can." She said their software tool helps them offer GDPR services to their clients, who can then be proactive about the legislation.

The range of data covered under the GDPR is sophisticated, said Hartman's Arthur, and goes beyond name and employer identification. It also includes addresses, tax identification, IP address, cookies about a user's online behavior, health and genetic data, biometric data and more.

"Disclosing that kind of data you collect about someone or about their behavior and how you use it, such as selling the information a firm harvested about people is a no-no. You have to have their explicit consent," Arthur said.

Hartman makes sure "appropriate controls" are in place for a wide-ranging clientele, including Old Line Bank, Howard Bank, Loyola University Maryland, The Strata Group, Middleton and Meads Co., the Healthy Back Store, Goodwill Industries of the Chesapeake, Maryland Hospital Association and Roland Park Place.

Even government agencies are somewhat vulnerable to the GDPR and similar regulations. The Maryland Data Privacy Act requires agencies to mirror federal procedures for ensuring that personally identifiable information is protected from unauthorized access, use, modification, or disclosure. The law does not address private industry.

The first state to pass a regulation similar to the GDPR was California in June 2018. That state's consumer privacy act is due to become law next year. It will give citizens the right to bring a civil action against companies that violate the law and give the state the right to bring charges against a company directly.

The California move is likely to be followed by similar laws in other states, according to IT experts. In fact, Microsoft's CEO Satya Nadella, at the World Economic Forum in Switzerland on Jan. 24, called for a U.S. law similar to the GDPR. More likely though, according to Arthur, will be a trickle of state-by-state adaptations.

Because data is a fundamental driver of today's marketing programs, it will continue to affect the use and management of personal data by marketers. Prad Mohanty, senior IT advisor at Hartman, states on its website, "Whether or not a company does business with EU citizens, leaders should consider GDPR a catalyst for stronger data governance within their organizations, and an opportunity to implement a customer-first mentality."

Copyright © 2019 BridgeTower Media. All Rights Reserved.
COPYRIGHT 2019 BridgeTower Media Holding Company, LLC
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2019 Gale, Cengage Learning. All rights reserved.

Publication: Daily Record (Baltimore, MD)
Date: Feb 22, 2019