Chances are, no matter where you live, you’ve been inundated with a deluge of emails and notifications from companies and organizations updating their privacy policies. No, you’re not being spammed. In fact, this time, these newly updated privacy policies might benefit you.
The General Data Protection Regulation, or GDPR, is a new regulation that’s taking the European Union’s tech industry by storm, and here’s how it can affect you and your business.
Changing Tides: The New Terms of Service
Just what is the GDPR exactly? It’s a series of regulations that went into effect on May 25th and was created to benefit citizens of the E.U. by giving them control over how companies obtain their data, and how it’s used and managed. In this case, “personal data” refers not only to a person’s name, but also to their email address, IP address, and possibly other information.
This groundbreaking policy is one of the strictest sets of rules in the world regarding the protection of personal data and can have far-reaching consequences for not just the E.U., but for citizens around the globe. It seems that finally, some measures and steps are being implemented to give users the power to decide how their personal information is used and disseminated.
What It Means For Users
It’s estimated that around 91% of people consent to the legal terms and conditions of a website without reading them. However, this new development in data protection can give users a newfound reason to re-read and digest those lengthy and verbose privacy agreements, because it puts the power of privacy in their hands. The GDPR will change how companies operate and as a result, will revolutionize the industry by protecting the personal data of all E.U. citizens.
For instance, the GDPR gives users the power to request all the data that a company has on them. They can also inquire about how the data is compiled, collected, and used. This knowledge of companies’ intent for users’ data can stop businesses in their tracks.
These new rules give users the right to object to direct marketing if they deem it unnecessary or unwanted. The GDPR even allows users to request that their data be deleted. All this puts leverage in the hands of users and turns the tides in their direction, making for a new and uncharted digital landscape.
What It Means For Businesses
The GDPR and its user-protecting guidelines will affect just about every business in the E.U. Companies will need to be more transparent about how they store data and what they use it for. This includes generating new internal policies and regulations, such as creating new data protection plans and data protection impact assessments, and documenting how data is gathered and used.
According to the GDPR, if a data breach does occur, a company has 72 hours to notify its country’s data protection regulator. And these regulators can impose quite a hefty fine on an offending organization that doesn’t comply with the new guidelines.
In fact, these fines are one of the most controversial components of the GDPR. A company can be fined up to 4% of its global revenue for non-compliance. And in case you’re wondering, for a company like Facebook, that amounts to about $1.6 billion.
These new developments are keeping just about all companies, small and large, on their toes. Facebook and Google have already allocated resources and funds, including large teams of personnel, to re-design and reassess how to give E.U. users access to their data.
A significant adjustment of this magnitude requires scores of attorneys, not to mention engineers and product managers, all of whom need to help their company adapt to the ever-changing landscape of digital privacy.
The Winds of Change
While it’s currently only in effect in the E.U., the GDPR can be the thrown stone that sends ripples throughout the global tech industry. There really isn’t anything like these privacy laws and protections in the U.S., aside from healthcare records, financial documents, federal communications, and a few other exceptions.
But with South Korea, Brazil, and Japan set to follow the E.U.’s lead by passing data protection laws similar to the GDPR, a unified approach may be enough to influence and sway our own country’s data powers-that-be: Silicon Valley.
Either way, these new developments and stringent guidelines will serve to prevent data exploitation by strengthening privacy rights and safeguarding the fundamental rights of not only members of the E.U., but someday, of all digital citizens around the globe.