Brands today are under immense pressure to use people’s data responsibly. That doesn’t come as a surprise given the steep increase in the number of data theft and privacy breach cases.
Only four out of ten individuals believe businesses are truthful about how they utilise their data. Less than half (47%) of respondents trust the businesses with whom they share their information. Technology has changed our lifestyles in areas no one could have predicted in the last 25 years, necessitating a rewrite of the rules.
The EU’s data protection policies have long been held up as the global gold standard.
The General Data Protection Regulation, or GDPR, is a game changer in the field of data security and privacy. Its adoption in 2016 was one of the EU’s biggest triumphs in recent years. It succeeds the 1995 Data Protection Directive, which was enacted while the internet was still in its infancy.
The GDPR has now become EU law. Member countries had two years, until May 2018, to ensure that it was fully implemented in their respective countries.
The rule was enacted to safeguard user data security in Europe, but what prompted the EU to enact these new regulations? The most important factor is that people today no longer trust organizations with their personal information, which is understandable.
Nobody wants to hear that businesses are profiting from the sale of their sensitive data. Brands, from Facebook to Uber, have demonstrated time and time again that they can’t always be trusted.
Data security has become more important in public perception since the law took effect. Privacy is no longer a laughing matter, as many top corporations have discovered the hard way.
In this article, we will talk about how GDPR is changing over the years. We will also talk about how it has impacted businesses worldwide and where it still lags.
The comprehensive data privacy law grants individuals the ‘right to be forgotten,’ demands reporting of data breaches within 72 hours of detection, and punishes firms with penalties of up to 4% of annual sales or €20 million, whichever is higher, if they fail to comply.
Apart from that, here are the key changes under GDPR:
- The territorial scope has been expanded. It now covers all firms that process private information of individuals residing in the EU, irrespective of the firm’s location.
- When gathering personal information, you must provide more information to data subjects.
- New rules apply to obtaining authorization to acquire personal data. Consent, both implicit and explicit, now requires a clear affirmative action.
- The minimum age for data collection has risen from 13 to 16.
- You must erase data that isn’t being used for its intended purpose.
- People should be able to withdraw their consent to data processing at any moment, and doing so should be simple. The data subjects must be given more control.
- Unless the violation is unlikely to lead to a threat to data subjects, you have 72 hours to alert regulators.
- For grievances, there is a single federal office.
- Large-scale data processors must appoint a Data Protection Officer.
Axel Voss, a representative of the European Parliament who was closely involved in the GDPR’s development, feels the law has struggled to meet its goals, has resulted in tremendous bureaucratic and regulatory burdens, has hampered Europe’s digital revolution, and requires an immediate review.
The regulation has elicited a substantial response. An Oxford University study indicated that the number of cookies placed on news sites without users’ permission fell by 22% immediately after GDPR adoption. In addition, the European Commission revealed in January 2021 that more than 95,000 GDPR-related grievances had already been submitted to Data Protection Authorities (DPAs).
According to a recent DLA Piper poll, over 59,000 security breaches were reported to authorities between May 2018 and January 2019, with 91 fines levied. These include €20,000 for having failed to tokenize staff passcodes, €80,000 for releasing health data over the Internet, and €4,800 for running an overly broad CCTV system. Yet the most notable of these is the €50 million fine imposed on Google for misappropriating personal data for targeted advertising.
Apart from complaints and fines, GDPR has changed how people look at privacy. User privacy is finally something that people can control. Here is how:
- Users have complete authority over their privacy under GDPR. They can choose with whom and why they share their information.
- GDPR protects people from internal and external transgressions.
One of the fundamental motivations for enacting the GDPR was to allow organizations with a presence in multiple EU countries to communicate with a single data security organization rather than 27.
Three years into the law, privacy experts believe there is still a lack of harmonization among EU member states, as well as continuous new and updated recommendations.
While the GDPR drew headlines and prompted some businesses to comply quickly, it also led some to shy away from opportunities in Europe. A number of things are simply not being done in Europe because businesses are terrified of the GDPR.
The regulation’s “broad” interpretation of a personal data breach and its 72-hour disclosure requirement are challenging for certain businesses, resulting in “irrational time pressure” and implications for countries with varied standards.
43% of men and 36% of women feel businesses don’t care if they violate GDPR laws. This is another issue seen in GDPR implementation. However, remember that the GDPR introduces a new concept of accountability. This requires you to demonstrate how you comply with the GDPR.
It implies that you must maintain extensive documentation of your processing operations. You must also put in place adequate safeguards to prove compliance with the GDPR.
You risk incurring significant fines if you do not adhere to GDPR.
Going forward, GDPR is just one of a number of data privacy standards that businesses must be aware of. The California Consumer Privacy Act (CCPA), which entered into force on January 1, 2020, is the next significant test for businesses in terms of data security.
The California Consumer Privacy Act, like the General Data Protection Regulation (GDPR) of the European Union, requires many (but not all) enterprises to respect consumers’ data privacy rights. While the GDPR covers people within Europe, the CCPA only applies to citizens of California.
The CCPA may appear to be a hassle for businesses, but it was a big step forward for customers who cherish their data privacy. After all, we are all users who should be concerned about the confidentiality of our private details.
GDPR is just the tip of the iceberg in terms of what’s to come in the future.
The laws governing privacy are evolving. Brands can expect privacy laws to play a more important part in how we do business in the coming decade. If your firm has a footprint in the EU but is still not GDPR compliant, you are endangering your reputation.
It’s a gamble you wouldn’t want to take. Failing to comply will result in harsh fines and the possibility of losing your company.
There is some good news, though, for businesses operating outside of the EU. Improvements are on the way, but there is still time to plan. By making your business GDPR-compliant now, you will be ahead of the pack and will not fall behind when requirements are revised in the future.
If you still have not worked on the GDPR compliance of your company, it’s time you start acting before it gets too late.