How EU's Data Privacy Law Will Impact You - InformationWeek

Commentary
3/13/2017
11:20 AM
Jon Martindale

How EU's Data Privacy Law Will Impact You

The EU's new General Data Protection Regulation or GDPR offers data protection for consumers and harsh penalties for violators. Here's what you need to know.

(Image: Maksim Kabakou/Shutterstock)

Although the Edward Snowden revelations of a US government surveillance program on citizens caused much consternation in the US, they raised just as much ire in the European Union. That desire to see user data protected, and not left at the whims of US corporations and intelligence agencies, is what has helped drive the implementation of the European Union's General Data Protection Regulation, a new piece of regulation that could have far-reaching consequences within the EU and beyond.

Designed to replace an aging data protection initiative implemented in 1995, the GDPR will not require individual state legislation, offering a single set of rules for all EU member states. The goal of the regulation is to give citizens back control over their data. In practice, this means forcing organizations to require more obvious opt-in methods of user data collection, as well as records of them giving that consent and easier-to-access ways to withdraw it.

That's vastly different from the near carte blanche access sites and companies have to users' data currently, and it could really shake up how companies operate within the EU.

In the long term, this should mean that citizens of the EU have much greater control over their personal and professional information online and that their data should be more protected from breaches. In the short term, though, this means that a lot of businesses are going to need to change the way they handle customer data and implement much greater safeguards for its capture and storage.

That's because this data protection law is actually going to have some teeth.

The GDPR introduces many changes to current data law, but the one that's stood out for a lot of people is the section on penalties. Sanctions begin with written warnings for "first and non-intentional non-compliance of regulations," but from there they stiffen very quickly.

Companies found deliberately not informing customers of data collection, or found to be repeatedly mishandling it in any fashion, can be fined up to 20 million euros, or 4% of annual worldwide turnover or revenue, whichever is greater.

In the case of a company like Apple, for example, the maximum possible fine would be close to $10 billion. That's the kind of figure even an entity like Apple would feel.

In cases where smaller infringements are noted, the fines will be 10 million euros, or up to 2% of annual turnover or revenue, but even that is rather hefty. 

Fortunately for the many thousands of companies this regulation will impact, they do have some time to get their affairs in order. Although it has been adopted, the GDPR won't officially come into force until May 25, 2018.

That timeline does allow for some adjustment period for companies which operate within the EU, but it does raise some interesting questions about the UK's plans to leave the Union. It is unlikely to have completed its 'Brexit' by the time this regulation comes into play, and as a regulation, the GDPR does not require member state legislation to be applicable. That means companies will need to comply with GDPR within the UK just as elsewhere in the EU. That compliance requirement may change when Brexit is completed, but for the time being, it still must be followed.

This raises further questions about the UK's Investigatory Powers Bill, which the GDPR could effectively make illegal, and without such digital oversight, the UK's position within its Five Eyes spying network with other English-speaking nations could well change too.

Only time will tell, but it seems as if the tide may be turning against the idea of mass, digital data collection without oversight.
