If your company amasses mailing lists, you’ve officially been put on notice.
The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018 — and it impacts any business that uses customer information for commercial purposes.
Although the law is specific to the European Union, anyone who holds the personal data of an EU citizen — whether that person lives there or not — is subject to it. So, yes, that means you have something to worry about.
…and GDPR non-compliance can cost you.
When we say significant, we mean gut-wrenching
The GDPR itself provides for fines of up to 20 million euros (roughly $24 million in U.S. dollars) or up to 4% of total “worldwide annual turnover of the previous financial year”, whichever number is larger.
That’s a hefty fine for any company to pay, regardless of financial standing.
Will a fine of that size ever actually be levied? Possibly not.
Still, since the GDPR is a relatively new law, there is a strong possibility that the Information Commissioner’s Office in the U.K. will make an example of the first few unlucky companies that land in its crosshairs.
What Can You Do?
Simple: get yourself into compliance with the law. It’s not a hard process and, chances are, you’re already up to date in some areas (provided you’re operating ethically to begin with), so take the extra steps: appoint a data protection officer, create a data breach plan, and safeguard customer data. In this day and age, there’s no excuse for not having a clearly defined policy for protecting customer data.