Legislation to protect the data of users is nothing new, but it has entered a new stage--one where the user has more control over their privacy than ever before. We’re talking, of course, about the General Data Protection Regulation, or GDPR, which has sparked a lot of discussion about how companies collect and protect data by its users. In fact, more data privacy regulations have begun to spring up here and there in response to the affect GDPR has had on the industry.
What is GDPR, and Why Is It Important?
GDPR was implemented last year with the intention of helping EU citizens with data protection regulations. It doesn’t just affect businesses in Europe, but any business that offers products or services to citizens of the EU. Here are some of the key points about GDPR and how it can affect businesses:
- Data consent: Companies that collect data must obtain permission from users in clear and legible terms (a yes or no answer). They must also disclose the purpose for collecting said data. It must also be easy to withdraw permission.
- Penalties associated with non-compliance: Data collectors and processors (including the cloud) can both be subject to fines associated with not collecting sufficient permission from users or conducting impact assessment.
- Breach notification: If a data breach is likely to cause damage to user privacy and user rights, then breaches must be notified within 72 hours of discovery. Users and consumers must also be notified of the breach.
- Data erasure: The subjects of data have the right to request that their data be erased or removed from those who collect it, as well as cease any dissemination of the data and even keep third parties from accessing it.
Of course, this isn’t all the information organizations should know about GDPR. Be sure to do some research into this and make sure your business is compliant, as if it’s not, you might face steep penalties.
California’s Privacy Data Concepts
A rather controversial privacy bill was passed in California in June of 2018, which prevents companies from collecting and selling user data. There was some disdain from social media companies about this bill, as they claimed there wasn’t enough time for the bill to be put to a public vote, but this is beside the point. The bill passed, and it will go into effect sometime in 2020. This bill will allow residents to ask companies what data has been accumulated by them, as well as any companies that have bought the data.
To be fair, this isn’t the GDPR, nor should you view it as such. It is simply a step in a direction toward a future where users have greater control over their data and companies are held responsible for the data they collect from users.
The California Consumer Privacy Act has made it clear that the people care about privacy and value it--as all people should. Therefore, it will be more important than ever before in the months to come that your organization is prepared to adapt and change its practices as defined by regulatory compliance and industry best practices. You can count on us to keep our fingers on the pulse of these developments.