The GDPR Story Begins

We’ve been waiting years for its arrival, holding our breath in nervous anticipation—and finally, on May 25, the world will experience it. But enough about the new Star Wars movie. The same day that “Solo” lands in theaters, another powerful force will make itself felt across the European Union and beyond: the GDPR. For two years, Europeans have been preparing for the General Data Protection Regulation, which is better known by its acronym. It goes into effect in the EU on May 25.

If the GDPR sounds alien to you, you’re not alone. But in truth, it’s far less dramatic than the adventures of Han and Chewie.

The GDPR legislation, approved in April 2016, creates new rules to govern how companies doing business in the EU can use consumers’ data. In addition to turning over more control of their data to consumers, the legislation aims to establish more uniformity in privacy rules throughout the EU.

Under GDPR rules, companies may no longer present consumers with byzantine consent agreements that roll up a host of statements about what they can do with their information. Instead, companies must break them up into individual consent agreements. The process for withdrawing consent should be simple, according to the new rules.

Other GDPR requirements cover transparency concerns, such as enabling consumers to access personal data being stored by companies. Punishments for violating the GDPR could be steep: a fine of up to 4 percent of a company’s annual revenue or $24.6 million, whichever is greater.

Coming at a time when U.S.-based social media giants like Facebook are taking fire for their perceived facilitation of Russia’s campaign to influence the 2016 presidential race, the advent of GDPR raises the question of whether a similar regulatory regime is in store in the United States. Sens. Edward J. Markey (D-MA) and Richard Blumenthal (D-CT) introduced a bill in April intended to create privacy safeguards for the customers of online service providers. A separate bill introduced in April by Sens. Amy Klobuchar (D-MN) and John Kennedy (R-LA) would force companies to inform users that their data is being collected and identify third parties with access to their information.

Between continued and rampant identity theft, data breaches, and nefarious foreign activities, the likelihood of Americans seeing GDPR-like measures in the near future seems high. Even if Congress doesn’t take action, the Googles and Facebooks of the world understand that enhanced privacy measures are a must in the eyes of consumers.

In fact, complying with GDPR likely gives many U.S. companies a head start on where the world of data security is heading.
