The European Union’s General Data Protection Regulation, better known as GDPR, swung into full enforcement May 25, 2018. It was enacted to offer certain protections to EU citizens regarding their personal information. Though it was passed two years ago, SMBs and corporations without an international business model largely ignored it until the enforcement went into effect a month ago. You have likely noticed updated terms and conditions on many websites you visit. Understandably. It’s brought up a lot of questions for businesses and organizations everywhere.
Here’s what we want you to know:
What is GDPR?
Through GDPR any citizen or resident of the European Union has increased control over their personal data. It does this by clarifying the rules and responsibilities for any company who collects or processes personal data of citizens or residents of the EU, regardless of where that company is located. The GDPR also empowers EU citizens with expanded rights about the collection and use of their data, with which companies are required to comply with. EU residents can even object to how their information is being used and can revoke their consent for the use of their information at any time.
How does it affect your business?
As an organization in Atlanta, Georgia, USA, this all may sound completely irrelevant to you at this point. However, the possibility remains that you might have web traffic coming from the EU and you may not even realize you’re collecting information on those users, via cookies and web tracking. Or, perhaps someone from the EU signs up to your email list. Remembering that the internet is a vast place and all things are possible, it’s important to ensure that your company is compliant with the GDPR. Failure to do so could result in trouble down the road, including fines.
Changing the way people do business
The European regulations are reshaping the way major companies approach user data. Global corporations are extending the new data paradigm to America and have already touted the benefits in Congressional Hearings.
While GDPR has immediate implications for businesses worldwide, regulations like this tend to travel. The comprehensive law was implemented so smoothly that it is seen as the harbinger of a global shift towards increased privacy and respect for the sanctity of digital identities. Analysts anticipate similar regulations appearing in the US in coming years.
Californians are expected to vote on a newly proposed data privacy law called the California Consumer Personal Information Disclosure and Sale Initiative. This new law would allow residents to request copies of data collected about them and affords them the right to know what third parties that data has been sold to and request that their information not be shared or sold. And the United States Supreme Court just passed a ruling requiring that police get a search warrant to review cell phone records that include data like a user’s location. While this is not an imposition on businesses, it aligns with the global trend of increased privacy protections.
Even for companies that are not subject to specific regulations yet, the tide has turned, and consumer and privacy advocates are gaining traction. People want to know their information is safe; otherwise, they are going to be less willing to part with it than just a couple of years ago. And businesses who rely on any kind of personal information – whether that’s site browsing habits, names or even email addresses – will do well to address and reassure those concerns head-on. Ignoring them will be considered one of the most egregious business faux pas of our times.
For more information about the specifics of the GDPR, we recommend reading This Tech Republic article covering the details about compliance that you need to know.
Is your business worried about the impact of GDPR? We can help take your worry away. Contact Multi IT on 011 435 0450 for more information.