The GDPR Story Begins

The GDPR Story Begins

We’ve been waiting years for its arrival, holding our breath in nervous anticipation—and finally, on May 25, the world will experience it. But enough about the new Star Wars movie. The same day that “Solo” lands in theaters, another powerful force will make itself felt across the European Union and beyond: the GDPR. For two years, Europeans have been preparing for the General Data Protection Regulation, which is better known by its acronym. It goes into effect in the EU on May 25.

If the GDPR sounds alien to you, you’re not alone. But in truth, it’s far less dramatic than the adventures of Han and Chewy.

The GDPR legislation, approved in April 2016, creates new rules to govern how companies doing business in the EU can use consumers’ data. In addition to turning over more control of their data to consumers, the legislation aims to establish more uniformity in privacy rules throughout the EU.

Under GDPR rules, companies may no longer present consumers with byzantine consent agreements that roll up a host of statements about what they can do with their information. Instead, companies must break them up into individual consent agreements. The process for withdrawing consent should be simple, according to the new rules.

Other GDPR requirements cover transparency concerns, such as enabling consumers to access personal data being stored by companies. Punishments for violating the GDPR laws could be steep: A fine of up to 4 percent of a company’s annual revenue or $24.6 million, whichever is greater.

Coming at a time when U.S.-based social media giants like Facebook are taking fire for their perceived facilitation of Russia’s campaign to influence the 2016 presidential race, the advent of GDPR raises the question of whether a similar regulatory regime is in store in the United States. Sens. Edward J. Markey (D-MA) and Richard Blumenthal (D-CT) introduced a bill in April intended to create privacy safeguards for the customers of online service providers. A separate bill introduced in April by Sens. Amy Klobuchar (D-MN) and John Kennedy (R-LA) would force companies to inform users that their data is being collected and identify third parties with access to their information.

Between continued and rampant identity theft, data breaches, and nefarious foreign activities, the likelihood of Americans seeing GDPR-like measures in the near future seems high. Even if Congress doesn’t take action, the Googles and Facebooks of the world understand that enhanced privacy measures are a must in the eyes of consumers.

In fact, complying with GDPR likely gives many U.S. companies a head start on where the world of data security is heading.

Latest Articles

At Behest of SEC, Companies Disclose Effects of Russia-Ukraine War on Businesses

When one of the world’s largest countries unilaterally invades a neighboring nation, predicting the impact on global businesses with any degree of c...

Proxy Season Brings Socially Motivated Shareholder Proposals from Both Sides of the Aisle

It’s nothing new to see activists showing up at annual shareholder meetings to protest banks’ social agendas. In fact, they’re typically taking ...

Absence of Crypto Disclosures Ensnare Computer Chip Manufacturer

California-based Nvidia Corp. boasts that its computing technology enables users to accomplish feats that would be impossible with “ordinary” comp...