The new EU GDPR rules were introduced in May 2018, aiming to tighten data protection for consumers in the EU. However, what many businesses didn’t realise is that the GDPR would affect those operating in non-EU countries too.
Asia-Pacific businesses are finding it particularly difficult to understand and comply with the new rules. Here, we’ll look at why data privacy protection is proving challenging for these businesses.
What is GDPR?
GDPR is a data privacy law, allowing consumers greater power over how their personal information is stored and used. As well as introducing new regulations, the law also imposes significant fines on businesses that break them.
It covers numerous concepts, including a consumer’s right to be forgotten, data breach notification and data portability.
How are Asia-Pacific businesses affected?
Although GDPR was introduced with data processors and controllers within the EU in mind, it can also impact businesses outside of the EU.
If your Asia-Pacific business targets EU residents, you’ll need to adhere to GDPR rules. So, if you plan on collecting and processing data from EU residents, largely through apps or websites, you’ll need to have adequate steps in place to meet GDPR.
Similarly, if you plan on monitoring data from EU residents, you’ll also need to adhere to the guidelines. This includes the use of cookies and web analytics tools.
Steps businesses should take to be GDPR compliant
If you do need to adhere to GDPR rules as an Asia-Pacific business, it’s a good idea to seek advice from a company such as RSM. They will be able to advise you on how to meet the new regulations.
At the very least, you’ll need to start by updating your cookie and privacy notice. You’ll need to make it absolutely clear which data and cookies you collect and what you use the data for. As well as making it clear how data is processed and controlled, you’ll also need to ask for consent. Keep in mind that once a consumer has consented, they’ll be entitled to withdraw their consent at any point.
If there is a data breach within the business, this will need to be reported within 72 hours. You’ll need to report it to the regulator, as well as let affected consumers know about the breach. If you don’t report it quickly enough, your business’s reputation could drastically suffer, and large fines can be imposed by the regulators.
As you can see, Asia-Pacific businesses need to be aware of GDPR regulations if they want to avoid facing huge fines. If you are selling your products or services to EU countries, GDPR rules will always apply. If your business isn’t prepared, now is the time to act and implement GDPR into your business.