In Focus Resource Center > Insights

Don't Lose Out to GDPR

In today’s fast-paced online world, the dramatic surge in data breaches comes as little surprise. Virtually every byte of the world’s information, be it personal or commercial, resides somewhere on a hard drive. To help encourage the defense of this sensitive information, regulations continue to be rolled out, complete with penalties that threaten companies who are careless while dealing with consumer information. One such regulation is the General Data Protection Regulation (GDPR).

While the GDPR has been in effect since May of 2018, an astonishing number of companies are still either in the implementation phase or possess little-to-no awareness regarding the requirements.

The Crux of the GDPR:

The GDPR provides citizens of the European Union (EU) with greater control over their personal data and ensures their information is secured and protected. If you are a company that handles data related to citizens of the EU, regardless of your geographical location, you must be GDPR compliant. Some of the basic rights that consumers receive under this regulation are:

  1. Individuals can ask the company how and where their data will be used.
  2. Individuals can request the company to delete their data at any time.
  3. Consumers can transfer their data from one service provider to another.
  4. Individuals need to be informed before any type of data is gathered from them.
  5. Consumers can ask the company to stop using their data for direct marketing.


The GDPR puts more pressure on companies to process their consumer data lawfully, fairly, and in a transparent way. Proper consent from consumers must be taken before processing their data. Companies need to report the data breach within 72 hours of its occurrence. Every company dealing with such information should have a data controller or a data protection officer who oversees meeting the GDPR requirements.

GDPR’s Teeth: Impact of Non-Compliance

The regulators of GDPR mean business by ensuring that tough penalties are awarded to companies that are careless with their data management and protection. Penalties of up to 4% of a company’s annual global revenue or 20 million Euros are levied per infringement. For example, British Airways is facing fines that may amount to 200 million Euros while Marriott International is being fined 99 million Euros for data breaches that occurred in 2018. The fines can go higher or lower depending on the severity of the case. These fines are a stark reminder that companies must either be GDPR compliant or be prepared to face significant penalties in the event of non-compliance.

If you feel that GDPR requirements are too confusing or if you are unsure of where to start, Citrin Cooperman’s team of professionals can help you understand the intricacies of this regulation and be compliance ready.

Our specialists are here to help.

Get in touch with a specialist in your industry today.

* Required

* I understand and agree to Citrin Cooperman’s Privacy Notice, which governs how Citrin Cooperman collects, uses, and shares my personal information. This includes my right to unsubscribe from marketing emails and further manage my Privacy Choices at any time. If you are a California Resident, please refer to our California Notice at Collection. If you have questions regarding our use of your personal data/information, please send an e-mail to privacy@citrincooperman.com.