The GDPR is an updated set of EU privacy laws that went into effect in May 2018. It is designed to give consumers more control over how their personal data is collected, used and stored.
The new law applies to all companies that collect, store and use the personal information of citizens of the European Union (EU). It also affects third-party vendors, such as cloud providers or SaaS vendors.
What is the GDPR?
The GDPR, which stands for General Data Protection Regulation, is a new set of data protection laws that govern the way businesses collect, store and use personal information. It replaced the previous 1995 data protection directive and is designed to increase consumer control over how their personal information is used and stored.
The law applies to all companies that process the personal data of people within the European Union (EU) or those that offer goods or services to EU citizens. It also applies to non-EU organisations that are processing personal data of EU citizens, whether they are located in the EU or not.
According to the GDPR, a company must obtain unambiguous consent from an individual before they can begin using their personal data. It also requires that companies have an accountability system in place to prove they are complying with the regulations.
This means ensuring that they can document the processes they have in place to ensure the privacy of users, as well as regularly evaluating and updating those policies. It also includes appointing a data protection officer, training staff, and auditing their procedures.
It also gives people more power to hold companies accountable for how they use their personal information – the ability to withhold consent, request access to their data, or even delete their data altogether. That could have a big impact on how companies deal with their customers’ data in the future, and could reshape the tech industry as we know it.
As it stands, there are tough penalties for companies that do not meet the GDPR’s requirements – fines can reach as high as 4% of global revenue or 20 million Euros, whichever is greater. This is a huge incentive for businesses to make sure they are fully compliant by the deadline.
The biggest change for many organisations was the need to change their privacy policies and practices to be GDPR compliant. This meant changing the way they handle customer information, as well as how they process it and what types of products and services they can offer to customers.
What is the impact on the tech industry?
The GDPR (General Data Protection Regulation) is a new European Union law that will impact the global tech industry. It will require technology companies to overhaul their policies and procedures in order to comply with the regulations. This is an expensive process, and the impact will be felt by American and Chinese companies in particular.
The law is meant to uphold users’ privacy rights and ensure that companies are accountable for their actions. But early signs suggest that it’s not working as intended.
While the GDPR has had a positive effect on data regulation in Europe, it’s also proving to be a major roadblock for many small and medium-sized technology companies. For example, it’s making it much harder for web designers to get their hands on coveted domain names in the EU. This is because the WHOIS database, which allows web designers to contact domain name owners and negotiate the purchase of an already-owned domain, must legally omit private information from entries.
It’s a complex issue that will have to be solved by governments and regulators alike. They have to strike a balance between the need to protect consumers’ privacy and the need to maintain a business-friendly environment that encourages entrepreneurship and job creation.
Big tech is well-positioned to withstand the GDPR’s impacts. These companies have the financial and infrastructure resources to withstand regulatory assaults, while smaller competitors are forced to fold due to their lack of capital.
But this economic moat isn’t going to last forever, as the GDPR’s first two years have reflected. In the first two months of 2018, only two fines had been issued: one to Facebook’s Irish subsidiary, and another to Google over its Android operating system.
As we saw in the Cambridge Analytica data scandal, privacy breaches can cause serious harm to citizens. This is why regulators must do everything they can to ensure that tech monopolies don’t abuse their power over data.
The biggest challenge is that GDPR imposes harsher penalties than any other data privacy regulation on online businesses. Fines can reach up to 20 million euros or 4 percent of a company’s global revenue, whichever is higher. That’s a lot of money, and it can be difficult to pay. In addition, it takes time for regulators to find out how to properly enforce the regulations.
What are the implications for US-based businesses?
US-based businesses that offer goods or services to EU residents, monitor their behavior, or process personal data as part of their activities in the European Union may be subject to GDPR compliance requirements. Noncompliance with GDPR could result in fines of up to 4% of the company’s worldwide revenue, depending on the level of infringement.
Whether or not the GDPR applies to a US-based business is largely dependent on the company’s intent. For example, if a US-based company offers goods or services to customers in the EU but does not have an office or representative in the EU, the GDPR will only apply to the data that it collects from those European customers.
For a US-based business to be compliant with the GDPR, it will need to have policies in place that detail how it will collect and process personal information and ensure that all of its employees understand those policies. It will also need to have processes in place for storing and protecting personal information and provide data security training to all of its staff.
In addition, it will need to determine which EU member state has supervisory authority over its activities. This is a complex task and will require careful analysis of the company’s business processes and policies.
Finally, it will need to rework its consent and disclosure options and forms to make them more compliant with the GDPR’s requirements at every step of data collection and processing. This includes making sure that consent is easy and simple to obtain – and that the information collected is accurate.
As GDPR regulators continue to build up their case files, it’s clear that US-based businesses that are unprepared to meet their GDPR obligations are at risk of significant penalties. This means that it’s critical for all companies, regardless of size, to take steps to comply with GDPR as soon as possible.
While implementing GDPR requirements for US-based businesses will be expensive in terms of time and resources, the costs are likely to be more than offset by the savings that can be gained by avoiding potential fines. Considering that the EU is set to become the world’s largest economy in just five years, it makes sense for all companies – large and small – to take steps now to prepare for the GDPR and avoid the costly penalties that can result from noncompliance.
What are the key takeaways from the GDPR?
The EU’s General Data Protection Regulation (GDPR) has now been in effect for just over a year. The new rules are designed to modernise data protection laws that were first put in place more than two decades ago, aiming to protect the privacy of citizens across Europe.
GDPR lays out a set of principles to guide companies in their handling of personal data. These include the principle of transparency, ensuring that people understand how their data is used, and empowering individuals with the right to have their personal information deleted or transferred if they wish.
In addition to these principles, the GDPR also outlines a number of rights for data subjects. These rights include the ability to access their personal data, rectification of errors in data processing and erasure of data.
Another key takeaway is that, as a business, you must comply with these regulations. This can be done by ensuring that you have comprehensive documentation of what personal data is collected and how it is used, how the data is stored, who is responsible for it and more.
Additionally, you must ensure that the data you collect is secure. This includes ensuring that it is encrypted, using passwords and implementing other security measures to prevent hackers from gaining access to the data you collect.
You must also have a process in place to respond to any data subject access requests that are made by the data subjects themselves. These requests are increasing in number and have to be dealt with carefully.
Similarly, you must have a system in place to deal with any data breach cases that are filed. These can be costly and time-consuming to resolve.
The best way to avoid a large fine is to ensure that you are complying with all of the requirements. This can be accomplished by ensuring that you have a robust security program in place and that your staff are regularly reminded of the importance of protecting their own personal data.
The GDPR is a huge change for the tech industry and it will likely have an impact on businesses of all sizes. However, while the new rules may cause some big companies to shut down, there are other opportunities for smaller businesses to grow and expand. For example, there are many cloud services that will be able to help you comply with the new regulations.