Export

Exporters Must Comply with EU Reg by May 2018 or Face Fine

Nov. 3, 2017
Non-compliance can be very expensive. There is a fine of 4% of the company’s global revenue.

There is a global conversation going on about the digital economy. The discussion centers around how these new technologies will be adapted and what the implications will be. One area of particular concern is that of privacy.

“How the U.S. and the EU view privacy is very similar,” explains Isabelle Roccia, a Commercial Specialist who serves as the U.S. Mission to the EU-Belgium, for the International Trade Administration-U.S. Department of Commerce.

And how these countries, which account for $4.5 trillion in two-way trade and generates more than 15 million jobs, approach privacy requirements will be essential to the continuation of the brisk trade.

In 2016 both the U.S. and the EU updated their approach to the issue. The International Trade Administration (ITA) of the U.S. Department of Commerce launched the EU-U.S. Privacy Shield Framework to provide U.S. companies with a mechanism to comply with EU data protection requirements when transferring personal data from the EU to the United States. 

And recently, The European Union adopted a new piece of data privacy legislation called the General Data Protection Regulation (GDPR). The GDPR replaces the previous data protection Directive 1995/46. The overall objectives of the legislation remain the same: Businesses must tell consumers that they are collecting data, what they intend to use it for, and to whom it will be disclosed.

 Some of the key principles of the GDPR are:

  • Transparency: Personal data must be processed lawfully, fairly and transparently;
  • Purpose limitation: the purpose for which data is collected must be specified, explicit and legitimate;
  • Data Minimization: only data relevant for the purpose laid out should be collected and processed;
  • Data Integrity: It must be adequate, relevant and limited to what is necessary, and it must be accurate and kept up to date;
  • Security: It must be processed in a way that ensures appropriate security of the personal data, and the data controller is responsible for showing their compliance

 “What companies need to know is that they must be compliant with GDPR by May 25, 2018,” said Roccia.

 Non-compliance can be very expensive. There is a fine of up to 4% of the company’s global revenue or up to 20 million euros (US $23 million),whichever is higher. 

“While many companies have already begun working to comply, our organization can help any size company and in particular small companies who might not have a physical presence in Europe, but sell into that market,” Roccia added.

The ITA’s Commercial Service has prepared an overview of the GDPR that companies can use to familiarize themselves with some of the basic requirements of the GDPR so that they can begin to assess whether the GDPR would apply to them.  

In addition, ITA has both documents available to help with compliance as well as a Digital Attache program that consists of 12 Digital Trade Officers that can provide assistance, free of charge.  

Future Trends

“The privacy landscape continues to evolve in Europe and the European Commission has proposed further legislation that may impose additional requirements on companies,” says Roccia.

 The proposed e-Privacy regulation seeks to extend telecoms regulations, to what Europeans term over the top (OTT) communications services. OTT’s include services such as Skype and Facetime but may also include chat functions on websites.

 In addition, the European courts have also been very active in shaping Europe’s privacy landscape so companies should be vigilant in their monitoring of European privacy requirements.

About the Author

Adrienne Selko | Senior Editor

Focus: Workforce, Talent 

 

Bio: Adrienne Selko has written about many topics over the 17 years she has been with the publication and currently focuses on workforce development strategies.She is also a senior editor at Material Handling & Logistics and EHS Today

Editorial mission statement: Manufacturing is the enviable position of creating products, processes and policies that solve the world’s problems. When the industry stepped up to manufacture what was necessary to combat the pandemic, it revealed its true nature. My goal is to showcase the sector’s ability to address a broad range of workforce issues including technology, training, diversity & inclusion, with a goal of enticing future generations to join this amazing sector.

Why I find manufacturing interesting: On my first day working for a company that made medical equipment such as MRIs, I toured the plant floor. On every wall was a photo of a person, mostly children. I asked my supervisor why this was the case and he said that the work we do at this company has saved these people’s lives. “We never forget how important our work is and everyone’s contribution to that.” From that moment on I was hooked on manufacturing.

I have talked with many people in this field who have transformed their own career development to assist others. For example, companies are hiring those with disabilities, those previously incarcerated and other talent pools that have been underutilized. I have talked with leaders who have brought out the best in their workforce, as well as employees doing their best work while doing good for the world. 

Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!