Starting today, a new European regulation comes into effect, and some unprepared U.S. sites have responded by blocking users or shutting down services.
As the European Union implements the much-awaited General Data Protection Regulation (GDPR) to synchronize data privacy laws for its citizens, most U.S. firms, including healthcare companies, are still working to comply with the rigorous regulation.
GDPR, which contains 99 articles and 173 recitals, has key requirements that directly impact the way organizations implement IT security, thus addressing the key security tenets of confidentiality, integrity and availability of data.
According to the latest forensic data analytics survey, only 48 percent of firms across all industries have a plan to comply with GDPR, and only 25 percent of U.S. healthcare firms do.
“It is imperative for U.S. firms to plan and continue their efforts towards compliance to safeguard the continuity of business within the EU and avoid substantial penalties because of non-compliance,” said Doug Brown, founder of Black Book Market Research LLC.
For North American companies with operations in the EU, data security measures will now have to work alongside legal and compliance teams to ensure maximum adherence to GDPR.
“With data privacy concerns, particularly medical information on the rise and stringent regulatory requirements like GDPR coming into force, organizations have no choice but to redefine the way they approach data management,” said Brown.
Non-compliance with GDPR can result in heavy fines and increased regulatory actions. Organizations that collect personal data must be able to prove that they consistently and reliably comply with GDPR privacy and security principles.
A new study from Black Book Market Research LLC reveals that only 29 percent of U.S. organizations surveyed are embracing the GDPR globally as an opportunity to improve privacy, security, data management or as a catalyst for new business models, rather than simply a compliance issue or impediment.
GDPR is a fairly complex piece of legislation with far-reaching impact not just within the European Union but the United States and the world as well.
U.S. companies operating in the EU will have to change the way they capture, process and use the data of EU nationals. GDPR applies to all personal data of any employee, consumer, patient and/or customer who is in Europe.
“It is a complicated process involving in-depth understanding of healthcare data privacy laws and policies in particular. With strong data protection strategies in place, consumers will place greater confidence in businesses and businesses will minimize the financial fall-out of a breach,” said Brown.