In recent months, you’ve probably received communication from some of your favorite websites or entertainment apps such as Netflix, Twitter, Facebook, Amazon Prime or Verizon. These communications have been prompted by the General Data Protection Regulation (GDPR). Many businesses in the U.S. assume that GDPR doesn't apply to them since it's a European-based regulation.
Think again.
The media has covered GDPR extensively in recent months - from Forbes' recent article, US Businesses Cannot Hide from GDPR, to additional coverage on CNN and multiple technology media outlets - but the marine industry media has published little about GDPR. So it's no wonder that brokers, dealers and OEMs have questions about GDPR!
We’ve summarized the highlights below to help make it easier to understand what GDPR is and what it means for our industry.
What is GDPR?
The European Union’s General Data Protection Regulation (GDPR) represents the most significant change in data protection law since the inception of the Internet. GDPR accounts for how differently information has been collected and stored since the rise of the digital economy, which rendered the previous legislation, the Data Protection Directive of 1995, obsolete. GDPR was passed in 2016, with enforcement beginning May 25th, 2018.
Who is subject to GDPR compliance?
The GDPR’s scope is broad: it covers companies and organizations anywhere in the world that use or store the personal information of European citizens, of natural persons in the EU, or of companies operating in the EU; therefore, its remit includes most organizations worldwide. A company is subject to GDPR compliance if it:
How does this affect the boating industry?
The boating industry is a global marketplace. Your customers and prospects are citizens of various countries throughout the world - even if they reside in the U.S. If your customers and prospects visit Europe, they are protected by GDPR while there.
When your business has any communications or transactions with customers via phone, email, social media or website, it is highly likely that your business stores their personal information/data in some way. And, the storage of personal information is what GDPR was designed to protect.
What is considered personal data?
According to the GDPR, personal data is any information relating to a person, such as a name, a photo, an email address, bank details, posts on social networking websites, location details, or a computer IP address.
What are the consequences of non-compliance?
The most serious penalties include fines of €20 million or 4% of global turnover, whichever is greater.
What does GDPR-compliant mean?
The GDPR requires organizations to implement reasonable data protection measures to protect the personal data of consumers and employees against data loss or exposure. To achieve that goal, the law regulates all areas related to data management and processing, from obtaining user consent to setting up company-wide data protection practices and handling data breach incidents.
My business doesn’t sell boats outside of the U.S., so how does this impact me?
The impact of GDPR is far-reaching, regardless of whether you are located or do business in the EU or US. It’s important that you educate yourself about GDPR and consult legal counsel if you think it is necessary.
While experts are still learning the details about how GDPR will be enforced, technology experts in both the U.S. and in Europe agree on one key aspect: Know what data your business stores. If you know your data, you’ll know what is needed to be prepared.