What you need to know about the GDPR

The digital world is slowly taking over various industries, and many companies are flocking the internet to take their businesses where there are the most customers. It has never been easier to build a following of customers online. However, the threats online have never been more aggressive as well.

According to Gemalto, there are 7,125,940 data that are compromised each day in 2017. To break it down, that’s 296,914 compromised records every hour, 4,949 every minute and 82 every second. Various countries are beginning to take steps towards the security of customer information, and the European Union (EU) is about to make progress.

Come May 25, 2018, the General Data Protection Regulation (GDPR) will be in effect in all 28 states of the EU. The new law hopes to “harmonize data privacy laws across Europe,” according to its website.

The European Parliament adopted the GDPR in April 2016, and it will replace the previous data protection regulation called the 1995 Data Protection Directive, CSO Online reported. The new regulation will require businesses and companies to protect the data and privacy of EU citizens that make transactions within the confines of the member states. Other than that, it also takes into account personal data that are exported outside the EU.

There’s nothing wrong with streamlining the standards across all companies in the EU, but the GDPR has been scrutinized for setting the bar too high. Some have also said that its provisions will obligate companies to make certain investments and improvements first.

Key provisions in the GDPR

To begin with, the GDPR’s impact will be felt throughout many industries. Social media websites like Facebook and Twitter will need to immediately adhere to the regulations, per MarTech Advisor. Other affected companies are retailers, political organizations, and banks with online outlets.

For those outside the EU, the provisions under the GDPR will apply to companies that have a presence in any of the member states and companies that handle accounts of European citizens. Additionally, the GDPR will also apply to companies that have more than 250 employees. If a company has less than 250 employees, it will still apply to them as long as their data processing affects the rights and freedoms of data subjects in the EU.

One concern of companies within the scope of the GDPR is that they’ll have to appoint a data protection officer (DPO). Those required to appoint a DPO are public authorities, businesses that keep or handle a great quantity of EU citizen data, and those that specialize in checking data subjects.

DPOs can come in the form of an individual or a unit of specialists. Businesses are not allowed to interfere with the work of DPOs, and doing so will result in a fine. Additionally, the failure to appoint a DPO will also lead to a fine.

The GDPR also enhances the rights of customers to their data. Specifically, they will now have the right of access to their personal data, a right to correct inaccuracies, a right to have their data erased in certain cases, a right to restrict processing of their personal data, a right to transfer the data from one device to another without the interference of a data controller, a right to object to data processing and a right not to be subject to automated processing, including profiling (Right to No Profiling).

Businesses are also required to inform their customers about what they do with the data they collect, and the details must be expressed in clear and simple language.

Another key provision in the GDPR is that it has an extra-territorial effect. Regardless of whether or not the business’ server is inside the EU, the provisions in the GDPR must be adhered to as long as the services or goods are being offered to EU citizens. This means non-EU businesses that process the personal data of the said citizens must adhere to the new standards.

The GDPR outside the EU

Its extra-territorial effect is worrying businesses outside the EU as well. According to a report by Ovum, about two-thirds of companies worldwide anticipate that they will adjust their business strategies to comply with the regulations. Furthermore, 85 percent of U.S. companies believe that they are at a competitive disadvantage over European companies.

A PwC survey says that 68 percent of American companies are expected to spend about $1 million to $10 million to meet the new standards set by the GDPR. On the other hand, 9 percent are expected to go beyond $10 million. Unless they meet the standards, they can say goodbye to the European market.

The GDPR is great as it provides improved security and privacy for the personal data of consumers. After scandals like the recent Facebook-Cambridge Analytica issue, people are more concerned than ever for their information online. Despite its huge advantage for citizens in Europe, its high standards are definitely going to be felt by businesses in and out of the EU.