The General Data Protection Regulation (GDPR) is perhaps the most important change in data privacy regulation in 20 years. The regulation requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. It also regulates the exportation of personal data outside all 28 EU member states. Every company that does business in Europe is required to comply with the new rules around protecting customer data or face heavy fines.
Approved in April 2016, GDPR comes into force on May 25, 2018. Companies breaching GDPR laws will be fined up to 4 percent of annual global turnover or 20 million euros ($24.6 million), whichever is bigger.
New Data Rules for the Digital Age
After the Wild West rush for consumers’ data, GDPR introduces strict rules for how companies collect, store and process personal information about EU citizens. Companies will now be required to provide the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.
GDPR also protects other personal and private data, including health and genetic data, biometric data, racial or ethnic data, political opinions and sexual orientation. The regulation comes in the wake of increased privacy concerns following high-profile data breaches like the one at Facebook, in which data-analytics firm Cambridge Analytica collected personally identifiable information of up to 87 million Facebook users.
“As businesses continue their digital transformations, making greater use of digital assets, services, and big data, they must also be accountable for monitoring and protecting that data on a daily basis,” writes computer and network security company RSA Data Security, LLC, in its recent Data Privacy & Security Report, which surveyed 7,500 consumers in France, Germany, Italy, the UK and the U.S. on issues of data privacy and security.
Of those people RSA surveyed, 80 percent said data breaches leading to lost banking and financial data are a top concern. Some 76 percent of the respondents cited lost security information (e.g., passwords) and identity information (e.g., passports or driving licenses) as their biggest concern.
GDPR aims to alleviate these concerns by enhancing consumer data protection laws and giving greater rights to individuals who will now have more say about the information that's held about them.
What GDPR Means for Publishers, Advertisers and Users
Europe has long had more stringent rules around how companies use the personal data of its citizens. GDPR harmonizes data privacy laws across Europe, meaning companies will now have just one data privacy standard to meet within the EU, which most will probably appreciate.
For users, rules surrounding consent have been strengthened. Companies are not allowed to use vague or confusing statements to get you to agree to give them data. Nor may a company bundle many different purposes onto a single consent page and claim that by clicking once you consent to all of them; you should be able to give or refuse that consent for each purpose individually. Consent must also be easy to withdraw.
Every business with a website in the EU has an obligation to comply with GDPR laws. Check out other key provisions of GDPR for publishers, brands and users in this handy infographic developed by The Media Trust below: