By Victor Reklaitis, MarketWatch
There’s been a renewed focus on protecting personal data in recent months, thanks to Facebook drawing all sorts of flak for how it managed people’s sensitive information.
So European Union regulators might be patting themselves on the back for their new General Data Protection Regulation, a set of data-handling rules that are taking effect on Friday.
Below are five things to know about GDPR, which has been making American companies — including Facebook — change how they do business.
In January, Facebook COO Sheryl Sandberg said the company was trying to make it easier for the social network’s users worldwide to manage their privacy before the wide-ranging EU law kicks in.
Then in March, the social-media giant endured a firestorm and stock selloff after data-mining company Cambridge Analytica reportedly used the personal details of up to 87 million Facebook users without authorization.
1. No EU operations? GDPR still may apply to you
U.S. enterprises may be making a big mistake if they react to GDPR with a Gallic shrug.
All companies, government agencies and nonprofits that interact with EU residents are subject to the new law, according to security experts from consulting firm RSM.
“Many organizations underestimate the amount of EU data they hold and, therefore, may not understand the legislation’s potential effect,” wrote RSM’s Daimon Geopfert and Alain Marcuse in a column published by the Boston Business Journal.
“For example, banks, hospitals, hotels and other organizations that hold data from EU residents are subject to the GDPR.”
2. Failure could mean sizable fines
The law promises hefty fines for companies that fail to notify authorities of breaches within 72 hours.
The maximum fine would be up to 4% of annual sales or 20 million euros ($25 million), whichever is higher, noted Jefferies analysts in a recent report. Companies also would have to alert affected individuals within 72 hours, in certain cases.