On May 25, the General Data Protection Regulation (GDPR) goes into effect. The GDPR is the EU’s new data privacy law that sets strict requirements for how EU residents’ personal data is collected and used. Even though this is an EU law, its impact will be wide-ranging. Note that the GDPR applies not just to businesses in the EU, but any business that collects and processes personal data of EU residents. That likely includes most food processing and packaging suppliers, as well as many North American manufacturers and retailers.
Although it’s currently unknown how aggressively the law will be enforced, the potential penalties are stiff — up to 4% of global revenue, or €20 million.
These 10 resources will help you better understand GDPR and prepare for the changes it will bring.
General GDPR Resources
1. GDPR Portal: Site Overview [Resource site via Trunomi]
If this the first you’re hearing about the GDPR, this portal is a good place to start. This is NOT the official government website (you can find that here), but instead a third-party site run by a data protection company. What this website does is translates the main parts of the law into plain English, providing clear explanations of the key changes in the law, a variety of FAQs, and even a discussion of some of the more controversial topics.
2. WTF is GDPR [Article via TechCrunch]
This article takes a deep-dive into the regulation, including commentary from various experts about what the rules mean and what companies need to do to get their data in order. It’s long, but it’s a great read for anyone looking to understand the kinds of changes the new regulation may usher in.
3. U.S. Businesses Can’t Hide from GDPR [Article via Forbes]
Some U.S. companies mistakenly believe that since GDPR is an EU regulation, it doesn’t apply to them. In this article, Kris Lahiri, the chief information officer at file sharing and content governance company Egnyte, looks at what’s at stake for companies that choose not to comply.
4. GDPR Compliance [Resource site via HubSpot]
When you’re ready to start digging into compliance — at least from a marketing perspective — HubSpot’s compliance guide has a wealth of information about the law as well as concrete steps you need to take to comply. Their compliance checklist contains 22 questions all potentially impacted businesses should ask themselves. This site is especially relevant for companies that use marketing automation or other digital marketing tools.
5. 6 Ways to Prepare for GDPR [Article via The Wall Street Journal]
Also written for C-suite marketers, this article from Deloitte explores six areas that “will likely require significant attention”: increased recordkeeping, data protection impact assessments, privacy by design, data portability and erasure, security for privacy, and third-party risk management. It also highlights challenges and best practices for each.
6. Achieving GDPR Compliance in Manufacturing [Article via Microsoft]
If you use Microsoft in your organization, you’ll want to read this one. It reviews the different ways the company’s cloud tools (like Office 365) can help facilitate compliance.
7. The Top 10 Basic Changes Needed for GDPR Compliance [Webinar via Gartner]
Understanding the new law is one thing — complying with it is another. This webinar, available on-demand, reviews the top 10 things every company needs to do to improve their privacy practices and get into compliance.
GDPR Resources for the Food and Beverage Industry
8. What Does GDPR Mean for the Food and Beverage Sector? [PDF via Brodies]
This handy guide provides a short and sweet explanation of each of the regulation’s eight main components.
9. New EU Privacy Regulations Could Affect US Businesses [Article via Food Engineering]
The second half of this article gives specific examples of how the GDPR applies to U.S.-based food and beverage companies. For example, it addresses situations like mailing lists generated from trade shows, as well as different types of supplier relationships.
10. What Do the GDPR Regulations Mean for Retailers? [Article via Food Quality & Safety]
The GDPR has implications for the grocery industry as well, especially as more companies embrace e-commerce. This article argues that retailers — especially smaller ones — should focus on lowering their exposure to risk.