Months ago, we began writing about the impending Global Data Protection Regulations (GDPR), what it means for your business or brand, and what we envision this new era of data privacy protection will look like. All told, as of 5/25/18, GDPR is in place essentially for one reason: to put control over what personal information is shared back into the hands of the consumer. Choose not to comply or miss the deadline and you will face the consequences.
We’ve seen instances of this in the past week alone, by way of hefty fines issued and, in some fringe cases, total site shutdowns across the entire European market. This was the case with some major news providers whose sites were taken down in the UK, leaving behind just a note to their readership regarding the new regulations. Among these news outlets were those owned by the publishing company Tronc, including The New York Daily News, The Los Angeles Times and Chicago Tribune.
And while most other major news outlets were untouched by the policy shift, some, including the consummately compliant NPR, issued users a statement that they must either agree to tracking or agree to view a plain text version of the site.
Others adapted by sending European users to a “European Union Experience”, as USA Today did.
So what happened or is happening? While it’s hard to believe that such big players were woefully unprepared for the 25th, it’s looking more and more as though this is exactly what happened. Those that weren’t shut down entirely (which, admittedly, wasn’t a common practice) are receiving notices of noncompliance. In short, GDPR is no joke.
We trust that if you’re reading this, you’ve taken the necessary steps to ensure compliance, but we thought it may be helpful to provide a quick synopsis of how GDPR affects all of us, inside the European Union and out. So if you haven’t yet taken all the necessary steps, 6 days later, we strongly encourage you to do so immediately. Here’s why:
- Whether you’re in the EU or out, GDPR affects you. Just ask the US-based news outlets that were literally shut down in Europe on May 25th.
- If you’re in the business of designing products or services (even features) that harvest consumers’ personal data (think mobile apps), you need to put consumer data privacy at the forefront at the very start.
- Further, data privacy will be set as the new default and it will be the consumer’s choice whether they wish to turn privacy off within these apps.
- Which will make understanding a site’s policies and terms of service a whole lot easier. You will also likely be prompted to revisit your privacy settings upon login to your favorite or most used social apps.
- The consumer has the “right” to take their data with them, should they switch to another provider of service. This is called “data portability”. Moving data not your thing? Consumers can also simply request that data be erased, provided certain criteria for erasure are met. More on that here.
- Breaches in data will get reported significantly faster. In fact, GDPR has a 72-hour rule that requires any breach to be reported, within that 72-hour timeframe, to the proper authority so it can take action.
- There are 20 million reasons to comply, as the fines for noncompliance will be mighty: up to 4% of annual global turnover or 20 million euros, whichever is greater. We’re talking about the potential for fines in the billions, so now is the time to get all the proverbial ducks in a row.
- The less consumer data that is stored, the more consumer trust is built, and this can only mean good things for businesses.
- Think of GDPR as the minimal viable product in privacy. It’s the skeleton, not the flesh, so look for additional pushes on clarity when it comes to data store-transparency.
Want to learn more? Visit the European Commission’s stance on all things GDPR here.