The GDPR is coming!

Years after the ruling and deliberations that followed, the General Data Protection Regulation, commonly known as the GDPR, is finally going into the enforcement period in the EU on May 25, 2018. While the law passed a while back, there was a transition period (dubbed the “sunrise phase”) in which companies had time to achieve compliance. Now, that period is coming to an end and bringing with it both benefits and burdens. As a company that fights for privacy and security, we must say we’re excited about the privacy benefits for consumers.

What is the GDPR?

GDPR stands for General Data Protection Regulation and is a law passed in the EU to govern how online user data is handled. The GDPR aims to protect the privacy of personal information, and has been described by some as “user-first” and “privacy-centric.” The GDPR favors privacy and the right of the consumer, as opposed to the adtech industries and big companies who so often track users. There is a right to be forgotten included under the GDPR, which goes beyond just deleting data after a request is submitted.

What Does the GDPR Mean For You, an Internet User?

These rules have positive impacts for Internet users in the EU and beyond. Users can expect less surveillance and information tracking, and more control over their personal information. The data revamp will allow EU consumers to pull their data from a company at any time, giving them more control than before as well as allowing them to be aware of who has collected what information on them.

As described by Computer Weekly, “GDPR is aimed at giving consumers the right to know, limit, delete and correct information about themselves. The regulations will provide consumers with better access to the personal information collected about them and improve corporate accountability for data handling. Consumer Action believes the US and other consumers will benefit indirectly because it is unlikely that global corporations will create country-specific systems for data protection, retention, correction and deletion. This means all consumers will benefit from improved personal data protection processes.”

As a result of these far-reaching effects, legislators around the world are updating legislation to comply!

What does the GDPR Mean for Businesses?

Rules enforced under GDPR extend beyond just businesses in the EU, as they govern anyone who does business there. Specifically, they impact anyone who wants to trade with the EU, sell a product or service in the EU. For businesses, compliance may be very expensive and difficult (especially in emerging economies). Not to mention, huge fines will be imposed for noncompliance.

The law requires businesses to alert customers within three days if their data is hacked and allow users to move information to rival services at the drop of a hat.

Further Implications

Some are looking at this as an opportunity, not a challenge: an opportunity to differentiate.

The EU has always respected user privacy more than its counterparts (in the United States, for example). The recent ruling against Facebook in Belgium reflected this, as do the upcoming GDPR.

“O’Brien: In Europe, we view data as part of the person. In the U.S., particularly in the last 30 years or so, data has come to be viewed as currency. That is, something involved with the exchange of goods or services. Whether the latter is a valid model or not is something that history will tell. In Europe, we recognize that issue more clearly than the U.S. has. Still, GDPR in Europe is a case of evolution rather than revolution. The underlying principles of GDPR are not new. They have been the law for over 30 years. This is simply a clarification, or a restatement of fundamental principles.”

The US does not have quality protection, and state and federal offer limited protection—so this may force them to reevaluate how they protect user data.

Learn more about the GDPR on their official site: https://www.eugdpr.org/

Sources: Boing BoingComputer WeeklyTech Target