Search the Site

The GDPR Story Begins

The GDPR Story Begins

We’ve been waiting years for its arrival, holding our breath in nervous anticipation—and finally, on May 25, the world will experience it. But enough about the new Star Wars movie. The same day that “Solo” lands in theaters, another powerful force will make itself felt across the European Union and beyond: the GDPR. For two years, Europeans have been preparing for the General Data Protection Regulation, which is better known by its acronym. It goes into effect in the EU on May 25.

If the GDPR sounds alien to you, you’re not alone. But in truth, it’s far less dramatic than the adventures of Han and Chewy.

The GDPR legislation, approved in April 2016, creates new rules to govern how companies doing business in the EU can use consumers’ data. In addition to turning over more control of their data to consumers, the legislation aims to establish more uniformity in privacy rules throughout the EU.

Under GDPR rules, companies may no longer present consumers with byzantine consent agreements that roll up a host of statements about what they can do with their information. Instead, companies must break them up into individual consent agreements. The process for withdrawing consent should be simple, according to the new rules.

Other GDPR requirements cover transparency concerns, such as enabling consumers to access personal data being stored by companies. Punishments for violating the GDPR laws could be steep: A fine of up to 4 percent of a company’s annual revenue or $24.6 million, whichever is greater.

Coming at a time when U.S.-based social media giants like Facebook are taking fire for their perceived facilitation of Russia’s campaign to influence the 2016 presidential race, the advent of GDPR raises the question of whether a similar regulatory regime is in store in the United States. Sens. Edward J. Markey (D-MA) and Richard Blumenthal (D-CT) introduced a bill in April intended to create privacy safeguards for the customers of online service providers. A separate bill introduced in April by Sens. Amy Klobuchar (D-MN) and John Kennedy (R-LA) would force companies to inform users that their data is being collected and identify third parties with access to their information.

Between continued and rampant identity theft, data breaches, and nefarious foreign activities, the likelihood of Americans seeing GDPR-like measures in the near future seems high. Even if Congress doesn’t take action, the Googles and Facebooks of the world understand that enhanced privacy measures are a must in the eyes of consumers.

In fact, complying with GDPR likely gives many U.S. companies a head start on where the world of data security is heading.

Related Articles

SEC All About Main Street in 2019

You can rarely go wrong in politics by promising to look out for average Americans. It’s a time-honored lesson that Securities and Exchange Commissi...

SEC Year in Review: Clayton Begins to Make Waves

Securities and Exchange Commission (SEC) Chairman Jay Clayton took office in the middle of 2017, but 2018 feels like the year he finally started to pu...

Future of Cryptocurrencies Clear as Mud

Cryptocurrency enthusiasts are renowned for their devotion to Bitcoin and other forms of virtual money. Lately though, regulatory authorities haven’...