After a two-year transitional period, the day has finally come – today the General Data Protection Regulation (GDPR) goes into effect, forcing companies across the globe to abide by a new set of data privacy regulations.
The GDPR replaces the European Union’s Data Protection Directive (DPD), which was adopted in 1995. The new regulation looks to give consumers more control of their data, especially as the internet has exacerbated both the ubiquity of digital personal information and the risk associated with it.
Among its biggest changes, the GDPR has a greater scope than the DPD, and will be applicable to all companies that process the data of EU citizens, no matter where those companies are located.
Ideally, your company has already done the legwork required to obtain compliance. If not, here’s a quick refresher. After all, better late than never.
WHAT DOES THE GDPR ENTAIL? AND WHO DOES IT AFFECT?
The GDPR seeks to increase citizen awareness in the EU and across the globe of how and why their data is being used. The new law lays out sweeping changes regarding the rights of a “data subject,” or a citizen who has his or her data processed.
For instance, under the new law a data subject must be made aware that their data is indeed being processed, and the legislation requires companies to state that fact in plain language so there’s no room for misunderstanding.
Data subjects also have the right to know why the data is being processed, to access the information in question, and to have it erased.
In addition, the GDPR forces companies to notify supervisory authorities of a data breach within 72 hours of the incident. Citizens affected by the breach should be notified “without undue delay,” according to the regulation.
The GDPR applies to any company, located anywhere in the world, that processes the data of EU citizens. The legislation is not exclusive to the European Union.
ARE YOU PREPARED?
You’ve likely already received notifications via email or social media that companies are updating their privacy policies to reflect GDPR requirements. Organizations have notified consumers of the ensuing deadline and what they’ll do to abide by the new rules.
Social media companies and marketers, i.e. those who collect massive amounts of user data, will need to be particularly careful under the GDPR.
Surprisingly, however, it turns out that not everyone is prepared. The BBC reports that multiple companies are temporarily discontinuing access to their products or services to avoid non-compliance.
The decision to halt services may be clunky, but it’s a wise one. Failure to comply with the GDPR can result in fines of up to 20,000,000 Euros or four percent of annual global turnover.
Given the sprint that’s taken place to become compliant, it’s no shock that the GDPR has been a hot topic of late. To give you an idea: it’s garnered more search traffic on the web than Beyoncé, according to Quartz.
Ultimately, the new regulation should be a welcome change for both consumers and global organizations. By keeping a more vigilant eye on data and how it’s processed, everyone is less likely to have their information breached.
Is the GDPR fail-safe? Probably not. Is it a positive step forward in a world that has more processed electronic data than it knows what to do with? More than likely, yes.
We’ll get a glimpse of the GDPR’s impact sooner rather than later. If anything, its dedication to protecting personal information, especially electronic personal information, could end up being a pioneering trend in the digital age.