On May 25, the new General Data Protection Regulation (GDPR) takes effect in the European Union (EU).
It is the cause of some confusion, much concern, and a fair amount of hand-wringing.
“GDPR brings the biggest change to data protection laws in Europe for 20 years,” says Alan Leach, the marketing director for the West Wood Club, a seven-facility chain based in Dublin, Ireland. “The implications for companies all over Europe are enormous.”
The raison d’être of GDPR is to protect the privacy of citizens’ data and refine the way organizations handle data.
Although GDPR was drafted in Europe, its impact will definitely be felt in the U.S.—including at IHRSA—and in any country doing business in the EU. In December, Forbes published an article informing readers that, “Yes, The GDPR Will Affect Your U.S.-Based Business.” And, in January, The New York Times reported that, in Silicon Valley, “Tech Giants Brace for Europe’s New Data Privacy Rules.”
IHRSA is complying with GDPR by asking EU residents to opt in to receive email communications.
“GDPR is a global game changer in privacy rules,” says Florian Cartoux, the IHRSA Europe director.
The penalties for noncompliance are impossible to ignore. Infractions can result in a fine of up to €20 million, or 4% of a company’s annual revenues, whichever is higher.
International fitness industry firms headquartered in the U.S., such as Life Fitness, based in Rosemont, IL, and Anytime Fitness, of Woodbury, MN, have taken note and are taking steps. “We’ve worked … to develop a project plan for addressing security and privacy obligations in accordance with the GDPR,” says Life Fitness.
The debut of the Internet and its subsequent explosion have helped transform data into one of the world’s most valuable commodities, and now, arguably, it’s the bedrock, the universal platform, on which modern civilization sits.