In the USA, there are a lot of things dominating the news cycles nowadays, but unfortunately for those in the enterprise technology management space, General Data Protection Regulation (GDPR) is not one of them. And while GDPR has been front-page news in the EU for months, becoming effective May 25 2018 across the entire EU, very few American companies and more specifically, American TEM companies, really understand what it is, if it applies to them, or the potential impact to their business and operations.
To determine whether this legislation applies to them, American TEMs should be asking one simple question.
Are you processing any personally identifiable data of EU data subjects?
Here, “Personal Identifiable Data” means any information that can be traced back, directly or indirectly, to a living citizen of an EU member state (“an EU data subject”).
Some examples of Personal Identifiable Data:
- A person’s email address (it doesn’t matter if it is a private or business address)
- A person’s phone number (again, either corporate or private)
- Call Data Records (CDRs) that can be attributed to a person
- A person’s IP address
If you answered yes to this question, GDPR DOES APPLY TO YOU. Please download our whitepaper, which explains GDPR in the American TEM context and provides detailed recommendations on how you can protect your company under the new legislation.
So What Does That Mean
Since most TEM companies at a minimum collect personally identifiable data (for example, an invoice containing CDRs), all parties bear responsibility for protecting the personally identifiable information of an EU citizen in any geography, regardless of role: from the TEM client selecting the right TEM provider, to the TEM provider ensuring it handles, stores, and presents that data in line with the law.
TEM companies that have historically relied on self-certification vehicles such as Safe Harbor or Privacy Shield should, at a minimum, seriously consider whether they would be prepared for an audit, what such an audit would cost, and what their liability would be if they were found non-compliant, whether that is the cost of becoming compliant (ISO certifications are not cheap) or, in the most extreme case, the fines that can be assessed.
Download our whitepaper to find out how to be GDPR-Compliant in 7 steps.