As your inbox probably reflects, in the weeks, days, even hours leading up to the General Data Protection Regulation (GDPR) going into effect on May 25, corporations and businesses were busy informing users of their updated privacy policies. Now that the new privacy law is underway, what is the impact?
As reported by Time and other news outlets, in order to comply with the GDPR, corporations needed to meet specific requirements, such as:
- explicitly ask if they can collect users’ data
- respond to inquires about what personal data will be used for
- provide the right to permanently delete personal information
- disclose data breaches within 72 hours
While the GDPR only applies to EU citizens’ data, Time, The Verge and others remind us that many users in the United States will experience “secondhand benefits” of users abroad having control over their own data security.
Some companies who sought to simplify implementation made global changes to their privacy policies. There could be more if, as experts predict, U.S. users’ attitudes toward privacy change.
Quartz provides a clear example of how the new law will affect a U.S. business.
“[S]ay a US-based retailer is running a campaign in Germany that requires the user to submit their email address. The retailer would 1) have to explain how their email address will be used, and 2) ask the user for their permission to use their email (no link to an attached Terms and Conditions document or default check mark in the box is allowed). Once the US retailer gets permission to use their email address, the retailer would have to appoint a representative in the EU to be responsible for following GDPR in their collection and processing of that data in the Cloud.”
Another effect is the penalties for non-compliance. Also courtesy of Quartz:
“[T]here is a tiered approach to fines under GDPR based on the seriousness of the infringement, capping out with fines up to 4% of annual growth or €20 million, whichever is greater.”
While the efforts to comply with the new law have been serious, the Internet being the Internet has also added humor. WIRED has a number of GDPR memes for your enjoyment.