GDPR grants consumers the “right to be forgotten,” and companies will have a duty to honor it. This will impact not only companies that deal directly with the EU, but also others that may have contractors, vendors, suppliers or other partners somewhere down the line with ties to the EU.
As Craig Guillot at Supply Chain Dive explains, GDPR requires organizations to have a transparent data collection, management and security system in place.
“Due to the geographically expansive nature of supply chains and to the fact they can hold great amounts of personal information, the regulation reaches far wider than one might imagine,” he writes.
Brad Bussie, principal security strategist at Trace3, says manufacturers and supply chain organizations should assume that they are required to comply with GDPR.
Organizations in breach of the regulation could be fined up to the greater of 4 percent of annual global turnover or €20 million ($23.5 million) in the event of a serious violation. An organization could also be fined 2 percent of turnover for not having its records in order or for not notifying the supervisory authority about a data breach.