The European Commission’s new General Data Protection Regulation (GDPR) governing customer data and privacy will take effect in May 2018. And while big tech companies have been updating their policies and security measures to be GDPR compliant, startups are now beginning to do the same. Here’s an overview of Europe’s new data protection regulation and why it matters to startups and entrepreneurs in fashion, beauty and retail.

What is the General Data Protection Regulation? The GDPR is the European Union’s new privacy framework for entities collecting, storing and using EU citizens’ personal data—including an individual’s name, address, location data, online identifier, health information and cultural profile. The GDPR contains requirements on communications to customers, consent, access and portability of data, and a 72-hour notification of data breaches—with monetary penalties for noncompliance. The GDPR also requires certain entities to have a data protection officer, depending on the type and amount of data that they collect.

Why does the GDPR matter to startups in fashion and beauty? The GDPR applies to organizations established in the EU and to U.S.-based companies that offer products and services to EU residents. Thus, if your internet-based business engages with customers in the EU, then your company is subject to the GDPR. Your business must also comply with the GDPR if you are monitoring, tracking or processing data of individuals in Europe, for example, through customer profiling.

What should organizations do to become GDPR ready? Organizations should review their existing privacy policies and internal procedures, as well as technical and security measures currently in place. Startups should also consider discussing policies and practical steps with their legal counsel.

How will the GDPR apply to the UK, given Brexit? Brexit does not mean exit from the European Union’s GDPR. The UK government has announced its plans to bring the GDPR into “UK law” by implementing a new UK data protection bill.

Preparing for GDPR compliance will be different for every company. Additional information on the GDPR and data protection in the European Union can be found here.
