GDPR Impact: Be In The Know
By: Jeremy Sneed
Think of how much technology has developed since 1995. The advancement of the Internet alone has changed and impacted almost every aspect of society, evolving the way humans live and interact. With these undeniable transformations, it’s hard to believe that the entire European Union has operated under the same data protection laws since the 1995 Data Protection Directive (DPD) with little to no updates or improvements.
This is all about to change with the new EU General Data Protection Regulation (GDPR).
Even if a company isn’t in the European Union, which encompasses 28 member countries, any organization that is working with data of citizens within the EU will be required to be GDPR compliant.
The clock is ticking! These new regulations are set to be enforced on May 25th of this year.
Here are some key changes to note, and the GDPR impact on Europe.
#1. No more hiding in the dark
In 2014, Uber became aware of a data breach within the company. The personal information of over 100,000 of its drivers was compromised. Uber failed to inform affected drivers until nearly 5 months later.
In the midst of efforts to settle with the Federal Trade Commission (FTC) on this matter, Uber discovered yet another data breach, only this time involving over 25 million of its customers. Here's the catch: when Uber announced this data breach in 2017, it had actually occurred over a year prior, in 2016. That's right, Uber waited over a year to announce that over 25 million of its users had their given information compromised.
With the new GDPR impact, the failure to inform consumers or employees is now a thing of the past. Companies that fall victim to any form of data breach, whether by cyber attack or human efforts, will have to notify any affected or related parties within 72 hours of the breach.
#2. The GDPR Impact On Consent
Possibly one of the most notable aspects of the GDPR impact is the new form of consent required from consumers/users. Under the previous DPD, consent could be implied simply from inactivity or inaction from a user, such as a pre-ticked box. With this, consumers could be giving up personal data without even realizing they consented in the first place. The GDPR also requires that any legal language that is used to inform consumers of the use of their information be “clear and plain” and “distinguishable from other matters”. In essence, users now must give their consent upfront, know exactly what they are consenting to, and be made aware of their right to withdraw that consent in advance.
#3. Right to data portability
The GDPR impact is mandating that users have the ability to request what information about them has been collected. This gives users the ability to ask that any information collected pertaining to them be shared with them. Not only this, but the process for accessing this information is now becoming much smoother as well. Companies will no longer be permitted to charge for an access request, and will be required to process these requests in 30 days or less.
#4. Right to be forgotten
What if someone simply doesn’t want their information collected and used to better target them with ads or Account Based Marketing? Opting out of this data collecting will be a new reality under the GDPR. Users will now have the ability to ask that any stored information about them be deleted, even if they gave previous consent.
The GDPR impact leaves no room for games in its enforcement. Failure to comply with these new regulations can result in company fines up to 10 million Euros or up to 4 percent of the company's annual global turnover.
All information about the GDPR can be found here. If your company has any affiliation with EU consumers, such as marketing products to those in the EU or monitoring behavior of those in the EU, be confident that you are prepared for these changes.