You've received the emails. The GDPR is in full effect. But it's more than just sending an email; it's a specific process of disclosure and upkeep.
The General Data Privacy Regulation is legislation that strictly governs how the data of anyone in the European Economic Area (EEA) is collected and managed.
If someone in the EEA comes into contact with your business, even if that's just sending an email, you must comply or face fines up to 4% of revenue. Even if you're based in North America!
According to CSO Online, the average data breach costs a company $1.3M USD in lost data and fines. An internally-led GDPR Compliance effort without guidance can exceed $15k+ (150+ hours at $100/hr) and 3+ weeks.
Where do I start? What are the rules? What are the risks if I don't comply?
A few months ago our customers started asking for help on compliance. The first time it took us 3+ weeks. We couldn’t find a solid framework that led us through the process step-by-step and told us what to change. So we created our own Toolkit and it took time to compliance down from 3+ weeks to 3 days.