What is GDPR compliance?
We all know the internet was designed to make worldwide communication easier, but this convenience comes at a price: your privacy. Every day, users willingly provide the personal data to receive free services and perks from businesses all across the world.
The new General Data Protection Regulation (G.D.P.R.) guidelines now require companies to be transparent about how user data is handled, and necessitate their permission before using it. They’ve heighted the legal recourse against businesses who fail to verify any personal information like relationship statuses, income, education, etc. that they use for their ads, websites or apps.
And to make it stick unlike past laws (note: the Facebook Cambridge Analytica scandal), companies could now be looking at fines of up to 4% of their global revenue if they don’t comply.
G.D.P.R facilitator Jan Philipp Albrecht told The New Yorker (Powles, 2018), “For the last ten years, there was no chance to be on an eye level with the big Internet companies from Silicon Valley. “With G.D.P.R., this will change.” He added, rather optimistically, “The power of consumers has not really started.”
So what exactly will G.D.P.R. Change?
For the European Union’s 28 member states, users will notice fewer ads following them around the internet as a result of visiting a site or showing interest in an article. With the law making it harder for companies to collect and sell information, these remarketing ads will lose their targeting powers and become less fine tuned to those they reach.
Users can now ask companies what information they have filed about them, and request it be deleted. Or if they suspect their personal data is being misused or collected involuntary, they have the right to file a complaint with their national data protection regulator. These measures will also help ensure that no user can can be locked into any service, giving them the ability to now download their data and move it to a competitor.
In the past, our beliefs that one person was unlikely to affect change against multi-million dollar corporations made it easier to submit and compromise our data without knowing any better. But now, the ability to band together in a class-action lawsuit to advocate on behalf of the public interest as a whole is putting more power in the individual to protect what’s rightfully theirs.
And these changes are no small feat for corporations. As Eduardo Ustaran from the law firm of Hogan Lovells told The New Yorker (Powles, 2018) the level of anxiety for many of these companies is at an all-time high. “For large multinationals, the staffing can be three hundred to five hundred people working on G.D.P.R. compliance,” he stated. “The effort and expense is huge—big companies are easily spending over fifty million dollars in preparation.”
How Does this Affect You?
As NY Times (Satariano, 2018) explains, “some of the tools companies develop to comply with the G.D.P.R. might be made available to users whether they live in Europe or not. Facebook, for example, announced in April that it would offer the privacy controls required under the new law to all users, not just Europeans.”
But as of right now, even if a company chooses to change its policy for all users, only those covered by the G.D.P.R. – those in the E.U. – will have legal recourse. But you can take advantage of the second-hand benefits of being reminded how your information is being used to make important decisions about you, from qualifying for loans to making purchases.
With G.D.P.R. influencing many leading companies to make global changes and causing user attitudes to change along with it, however, we could see a lot more direct effects hitting home in the near future.
Powles, J. (2018, May 25). The G.D.P.R., Europe’s New Privacy Law, and the Future of the Global Data Economy. Retrieved June 9, 2018, from https://www.newyorker.com/tech/elements/the-gdpr-europes-new-privacy-law-and-the-future-of-the-global-data-economy
Satariano, A. (2018, May 06). What the G.D.P.R., Europe’s Tough New Data Law, Means for You. Retrieved June 9, 2018, from https://www.nytimes.com/2018/05/06/technology/gdpr-european-privacy-law.html