The European Union’s General Data Protection Regulation, or GDPR, authorizes steep fines for companies that don’t comply with new privacy rules aimed at giving Europe-based users more control over the data companies harvest and hold.
GDPR aims to safeguard data-privacy rights by requiring companies to get consent before using personal data and requiring them to store it safely.
Though businesses were given ample time to implement the new regulation (it was adopted in 2016), many companies here and abroad have, unsurprisingly, not prepared for the change (likely due to cost).
Forrester Research Inc. said it had anecdotal evidence that large firms allocated on average $20 – $25 million, while smaller companies budgeted $4 – $5 million to become GDPR-compliant. As of the May 25th rollout date, firms that violate the EU’s privacy rules risk substantial fines as high as 4% of their global revenue.
In fact, some U.S. websites did go dark in the EU last Friday. For instance, the large media company Tronc Inc. (publisher of the Los Angeles Times, New York Daily News and other U.S. newspapers) was among those whose sites became inaccessible in the European marketplace.
These are some of the safeguards the GDPR provides:
1. Companies are required to report data breaches within 72 hours.
2. Businesses will often need to obtain users’ consent to process their personal information.
3. Customers will have the right to see the data companies hold on them.
4. Customers can make a request for some of their personal data to be deleted.
5. Companies are responsible for demonstrating compliance.
But this is a move happening in Europe, so how does it affect online businesses here in the U.S.? Multinational companies (like Facebook, Google, etc.) conducting business in the EU will naturally implement GDPR here in the U.S. too.
Also, if you’re a large enterprise interested in acquiring small startups that use personal data, you might decide against launching the service in Europe out of concern that the startup could expose the parent to huge fines.