By now you have probably received a privacy policy update from every newsletter, website, and app you have ever interacted with. Every company and online platform has been working diligently to ensure that they are compliant with the General Data Protection Regulation, or GDPR as it is better known. GDPR is aimed at setting up guidelines regarding the management of European Union citizens' data.
It was adopted in April of 2016 and was proposed as a tool to help with protecting the data of EU citizens. These guidelines came into full effect on May 25, 2018, and have spurred a flurry of updates all across the world. These guidelines affect not only people who are in the European Union, but also companies doing business with any EU citizens, and any third-party companies. They reach far and wide. The International Association of Privacy Professionals and EY estimated that Fortune Global 500 companies spent roughly $7.8 billion to prepare for the new rules.
What exactly does GDPR entail?
With these guidelines in place, the first major step for a company is to obtain a user's explicit consent for data collection. The information that companies can obtain through your usage of their products and services is being limited to ensure that users are not targeted. Data is still allowed to be collected, but a company must provide a strong reason for collecting this data. Further, it is not allowed to be stored for longer than necessary. This helps ensure the safety and privacy of users.
Companies are now required to notify authorities within 72 hours of any data breaches or hacks. This is another key feature of these guidelines, as lately there has been a lot of information coming out regarding companies being hacked several years ago and never notifying anyone about it. The goal is to eliminate the delay between the time a breach occurs and the time a user is notified.
The cost of breaking these guidelines is significant (which is why everyone is working so hard to update their policies and be compliant). Fines can be imposed on a revenue basis, and things can be shut down if they are not meeting guidelines. A user can now request that their data be deleted, and if the company does not comply (other than for a few exceptions), said user can file a claim against this company.
If you are a business owner (and you have yet to do so), it is crucial that you review your policies. It may be good for you to review them with an attorney and be sure to review what companies you are working with (to clarify whether you are one of these third parties that needs to comply). If you are an individual, now may be a good time for you to review all of the different services and companies you are interacting with. As your email gets flooded with these updates, take the time to identify what services and products you want to continue using. It is also good to review all of the changes made by these companies.