What is GDPR?
The General Data Protection Regulation will begin enforcement today, May 25, 2018. This a new regulation put in place by European lawmakers to protect the privacy of online users within the European Union. The core concept is that user’s privacy will automatically be protected at the start of any online session with any website. This means that rather than users having to search to find how to opt out of information and activity tracking, they will automatically receive a request for consent for their information and activity to be recorded.
The basics of GDPR
- Websites who interact with any users in the EU must ask for users’ consent before collecting any information or data.
- Users can easily find and delete any compiled data of their online activity.
- Companies must be fully transparent with users about any data breach within 72 hours.
- Websites who do not comply with the new legislation will receive a fine:
- Lower level fine: $10 million (euros) or 2% of annual worldwide revenue.
- Higher level fine: $20 million (euros) or 4% of annual worldwide revenue.
You can see the full text of the law here.
Why did GDPR take place?
It’s no secret that user privacy has been a topic of conversation for quite some time; especially with the eruption of social media and online user activity in the past decade. Even more so, with conspiracies, scandals, data breaches, data mining—frankly scary topics, the EU felt that more should be done to protect its citizens. Although GDPR has been in motion since April 2016, recent election tampering and data mining scandals may have been “the straw that broke the camel’s back”.
One primary example is the Facebook & Cambridge Analytica story, where user-data from the social media site was used to develop and target triggering content (content that suggests thoughts, actions, or opinions) at users who are likely to respond a certain way, based on user activity. Of course, that is speculation as hearings and testimonies are still taking place across the world.
Who does GDPR affect?
GDPR will primarily affect two groups; EU online users and the websites accessed by any users across the EU. Realistically, this affects pretty much everyone. With Europe housing 10% of the world’s population and over 75% of its population being internet users, websites will have to make drastic changes to their infrastructure to comply with GDPR. Keep in mind, if your site is not on a European server, does not interact with any EU populace, or compile data, you have nothing to worry about… for the moment. However, if your website involves any of those, you will want to take the proper steps to comply with GDPR.
Internet monsters like Amazon, Google, Microsoft, Facebook, etc. are already making significant adjustments to their site’s infrastructure to comply with GDPR, and some are making the changes for every location, not just the EU. Others are making themselves unavailable to the EU until they can assure that their site is fully compliant with GDPR.
Is GDPR a good thing?
In short, absolutely. Taking steps to protect the rights and privacy of online users is much needed and an admirable step towards a better online world and user experience. The problem is that for an organization to change their website’s infrastructure entirely is time-consuming and expensive. You see, creating a fully functional user consent and easily accessible data management system does not normally exist. At least there is not an “out of the box” product that does so. So, for a company to build one takes lots of development and money. This is easy for all the big players in town, but smaller companies without lots of disposable income may feel the hurt. Again, that is speculation as today is the first-day of GDPR, and only time will tell of its full impact.
A helpful tip
If your company has a website that collects any amount of user data and could touch users in the EU—check and make sure your site is compliant and not in violation any GDPR regulations. 20 Million dollars is not exactly a small price to pay.
w to improve it.