Exciting Trends in the technology and commercial real estate world
New York City is not only the most expensive big city in the world to rent a desk, but now New York is also the city with the most flexible office rates. Check out this article in from The Wall Street Journal to learn more.
Check out this article to see what Data Center Frontier thinks is the reasoning behind why Digital Realty recently acquired DuPont Fabros.
By: Jason Bell
techrealestatetrends.com
Data Privacy Laws have continued to emerge. The US and foreign based companies are now facing challenges with the EU’s latest data privacy law – General Data Protection Regulation (GDPR).
GDPR is the latest version of a 1995 directive by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give citizens and residents back control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It goes into effect on May 25, 2018.
Any foreign company that collects EU data is at risk. GDPR extends the scope of the EU data protection law to all foreign companies processing data of EU residents. This makes it easier for non-European companies to comply with these regulations. However, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of global revenue.
Of the foreign enterprises that have already prepared for this change, 70% have spent over $1 million from their IT budget for preparation initiatives of information security, privacy policies, GDPR gap assessment and data discovery to support the mandatory record keeping and data portability.
Under the GDPR, the controller is liable for the actions of the processors they choose. It is important that US-based companies carefully choose their data processors and a relationship between a controller and a data processor should be governed by a contract. The contractual relationship should include details around the data itself, retention periods, disposal requirements and the nature and purpose of the data.
Due to the difficult task of ensuring that each company is compliant with the GDPR, codes of conduct and certifications have been endorsed as guidance to the requirements and as proof of compliance. US-based companies should familiarize themselves with the differences in each to ensure they choose the best one for their business model.
The new enforcement procedures and fines associated with the GDPR are the source of many nerves for company executives. The hefty fines associated with the non-compliance of the GDPR can reach millions or even billions of dollars. Violators will be placed in one of two tiers, with the higher tier costing violators up to over 20 million euros or 4% of the company’s net income.
It is evident that there are companies who have concerns about the risks of GDPR. Some are investing in technology and training. However, there are also companies who are not spending the same amount of money because their IT budget does not allow them to do so. For companies who do not have a million dollar IT budget and compliance support, GDPR has the potential to be a business ending issue.