Major Regulatory Overhaul on the Internet
Businesses often collect personal data like a user’s name, home address, email address, birthday, location, and more. This information is used to offer more personalized messages in order to sell more products or services.
Data collection is valuable because personal information teaches marketers more about their consumers. Facebook generates billions of dollars in revenue every year simply by collecting data from its subscribers. The social media giant makes money by targeting users with third-party ads.
One of the most talked about sections of GDPR is the ability for regulators to fine businesses for not abiding by the new regulations. If an organization doesn’t process an individual’s information in the correct way, it can be fined.
Another part of GDPR gives consumers access to their own personal information. Individuals now have the power to request the personal information companies have collected about them. This information must be provided within 30 days of a customer’s request. Customers also have the right to request deletion of this information. Companies must also report any type of data breach within 72 hours after discovering the breach. Under GDPR, any “destruction, loss, alteration, unauthorized disclosure of, or access to” people’s data has to be reported.
An organization can also be fined if it doesn’t have a particular employee designated as the data protection officer, or if it encounters a security breach and does not report it. Fines can be as high as 4% of a company’s total global revenue and are at the discretion of the Member States. Even if a company does report a security breach within the required 72 hours, the fine imposed is up to the discretion of the Member States and depends on the severity of the data breach, the cooperation offered by the offending company, and any previous infringements that may have occurred.
In the United States, any business that collects data from citizens in the EU must follow GDPR regulations or risk being fined. Companies that don’t have consumers in the EU will have a choice as to whether or not to get on board with these data collection protocols. It’s rumored that the U.S. is not far behind in implementing some type of similar data regulation. In fact, in August of 2018, California signed into law the California Consumer Privacy Act, the first of its kind in the United States. This is likely a preview of what’s coming for the whole country.