What does the GDPR mean for me?
The Official Explanation
The highly anticipated General Data Protection Regulation (GDPR) was recently codified to strengthen and unify data protection for individuals within the European Union. Seen as a major step towards protecting an individual’s privacy, the agreement replaces the 1995 Data Protection Directive. Enforcement of GDPR is set to officially begin May 25, 2018.
My Unofficial Explanation
The European Union finally took steps to penalize companies that sell or fail to protect customers’ private information. Is this a money grab or an honest attempt to protect consumer information? More importantly, how much longer before the U.S. adopts a similar bill?
In today’s digital economy, the value of a consumer’s purchase goes well beyond the simple transaction of goods in exchange for money. In the online sales process, the retailer collects much more personal information about the consumer than in the old brick-and-mortar transactions. Even more valuable are the subsequent transactions, which a retailer can accumulate and use to identify an individual’s preferences and create a buyer’s “personal profile”. Once a consumer gets profiled, they can be targeted from a sales perspective. And that information can be sold for more than the actual goods-for-cash transaction. Companies are spending hundreds of millions on this type of targeted marketing. If you’re still not sure how valuable this information can be, think of the allegations about how Facebook affected the 2016 presidential election. Information is definitely a valuable asset.
GDPR is a good first step to preventing these types of data misuse. But consumers need to be proactive in protecting themselves. Some steps to protect themselves include:
- Clearing their cookies file.
- Clearing their browsing history.
- Being more selective in downloading apps that request too much access to their information.
Corporations are going to feel the impact. They will have to step up their fight against cyber threats and malicious software attacks to protect their customers’ privacy. In fact, all data breaches must now be reported within 72 hours; currently, many corporations wait months trying to resolve the issue before informing the public.
Another interesting aspect of GDPR relates to a very common “offline” issue. Think of businesses that record phone calls in their normal course of business. Typically, a consumer would hear “calls are recorded for training and security purposes”. With GDPR, consumers have a right to not have their calls recorded, and if they did choose to give consent, they can later withdraw it during the conversation. Now that is going to have implications for businesses everywhere!
In conclusion, there will always be new efforts to make a profit off information. How can anyone ever expect this issue of privacy to go away? So knowing the issue is not going to go away, I can only surmise that the U.S. will either piggyback on the European Union’s GDPR regulations or develop a set of regulations of its own. To do nothing simply seems foolish.