Think twice before you ignore GDPR

By Jessica Salerno, OSCPA senior content manager

The General Data Protection Regulation (GDPR) went into effect May 25, and it would be a mistake to automatically assume it doesn’t apply to your company.

“The GDPR expands upon the previous Data Protection Directive (Directive 95/46/EC) in several ways, one of which is that it applies to organizations even if they have no physical presence in the European Union,” wrote Anil Patel in a recent post on the OSCPA blog. Patel is an Assistant Attorney General in the Consumer Protection Section of the Ohio Attorney General’s Office, assigned to the Cyber and Privacy Unit. He’s also part of the CyberOhio initiative, aimed at protecting Ohio businesses from cyber threats.

“The GDPR applies to organizations when their processing of personal data is related to (1) the offering of goods or services to EU individuals or (2) monitoring the behavior of EU individuals,” he wrote. “The ‘personal data’ definition under the GDPR is incredibly broad and is defined as any information relating to an identified or identifiable natural person. This definition could include names, addresses, IP addresses, phone numbers, email addresses, financial information, medical information, or information found on social media websites.”

Cyber threats come in many forms, whether it’s a threat to your business because of recent changes in regulation, like GDPR, or through hackers attempting to infiltrate your systems. You can learn more about cyber threats next week at the Cincinnati Accounting Show at “The Internet of Things: Opportunities and Risk,” a presentation by CyberOhio. Register here.