How will GDPR enforcement impact your business?

In the wake of growing concerns about the theft and misuse of big data and personal information, the European Union (EU) has passed the General Data Protection Regulation (GDPR) enforcing the right to personal data protection of the individuals throughout the Union with effect from May 25, 2018.

What is GDPR?

The EU General Data Protection Regulation (GDPR) is new legislation aimed at protecting the data privacy of all EU citizens and residents. It aims to simplify the regulatory environment for international business by harmonizing the data protection acts among its member states. A very important component of the act is the control of the transborder flow of private data outside the EU and prevention of personal information abuse by entities outside the Union. Enforcement of GDPR has several implications for businesses, academia and non-profit organizations working on data collected or derived from EU nationals and residents.


GDPR Timeline of Events: GDPR started as European Data Protection Directive in 1995 with updates in 2012. In 2016, GDPR replaced the 1995 directive for a 2-year transition period. [Image Source: Email Brokers] 

Overview:

GDPR applies to any company, entity or organization operating within the EU, and also to organizations outside of the EU which offer goods or services to customers or businesses in the EU. This includes almost every major business organization in the world..

According to regulation, there are two types of data-handlers: data processors and data controllers. The definitions of each handler are outlined in Article 4 of the General Data Protection Regulation. GDPR enforces legal obligations on a data processor to maintain records of personal information and how it is processed, providing a much higher level of legal liability should the organization breach the regulation. Data controllers will also be forced to ensure that all contracts with processors are in compliance with GDPR.

Data protected under GDPR are: 

  • Personal data such as name, address, nationality and social security numbers
  • Web information such as location, IP address, cookies and RFID tags
  • Health and genetic records
  • Biometric information
  • Racial/ethnic profile
  • Political association/opinion
  • Sexual orientation

This means US companies like Facebook, Google, Snapchat and Instagram are not immune to disruption when GDPR takes effect. According to PageFair, these companies, under GDPR, will be unable to use the personal data they collect and hold for advertising purposes without user permission. 

Key changes:

Jurisdiction: The main update to the regulatory landscape of data protection comes with the widespread territory in which GDPR is applicable. That means all companies processing the personal information of individuals living in the Union, regardless of the company’s location, must follow the new regulation. GDPR will also apply to the processing of personal data, regardless of whether the processing takes place in the EU or not. That is, the legislation will also apply to the processing of personal data of individuals in the EU by a data controller or data processor not located within the EU. Non-EU business entities processing the data of EU citizens will also have to appoint a representative in the EU.

Non-compliance and fines: Under GDPR, entities that breach regulation compliance can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious violation. There is a grade-level approach to penalties, e.g. a company can be fined 2% for not having their records in order (Article 28), not informing the management authority and data subject about an infringement or not conducting an impact appraisal. It is important to note that these rules apply to both controllers and processors – e.g. internet cloud servers will be included in the regulation enforcement.

Consent: Organizations can no longer be able to use lengthy indecipherable terms and conditions full of legal jargon. Request for consent must be given in an understandable and easily accessible form, with the purpose of data processing attached to that consent. Consent must be unambiguous and distinguishable using plain language. It must be as easy to withdraw consent as it is to give it. 

Implications for businesses:

GDPR enforces one law across Western Europe and a universal set of regulations that apply to companies doing businesses within EU member states. This means the reach of the legislation extends beyond Europe, as organizations based outside the region but with operations in EU will still need to comply.

According to an estimate from Veritas Technologies, companies will have to spend an average of €1.3 million on systems and training to comply with the GDPR. In addition, estimates show that Fortune 500 firms will need to hire at least 5 full-time dedicated employees to handle the compliance monitoring. However, the European Commission (EC) claims that exercising a single regulatory data protection authority for the entire EU, over the long term, will make it simpler, easier and cheaper for businesses to operate within the region. According to EC estimates, implementing GDPR will save €2.3 billion per year across Europe.

GDPR encourages companies to espouse new technologies like pseudonymization to take advantage of collecting and analyzing personal data, while the privacy of their customers is protected at the same time. 

Data protection in other regions:

Starting from May 25, 2018, GDPR will come into full effect after the 2-year transition phase. Other nations also have updated their data protection regulations. For example, Singapore passed a data privacy law in 2012 that protects all of its nationals’ personal data. South Korea has strongest data privacy laws in the Asian region, even protecting its citizens’ images or voice. Australia’s Privacy Amendment Act, passed in 2012, was fully enforced in 2014 to monitor the collection, use, storage and disclosure of personal information, including making sure how companies are investing in new IT systems and staff training.

Comments

Post a Comment

Popular posts from this blog

The Successes and Failures of 3D Printed Prosthetics

The 3D printing industry has expanded rapidly over the last few years, with one of its most notable areas of application being the health and medical industry . Innovations include printing everything from medications to human organs , but perhaps the most commercially successful so far has been prosthetics. While 3D printing prosthetics allows amputees to get a hold of products for thousands of dollars less than traditional prosthetics, the methods and materials used are raising concerns. Successes of 3D Printed Prosthetics 3D printed prosthetics can greatly benefit children. The average lifespan of a prosthetic is five years, but in that time a child grows so rapidly that they will need a new prosthetic much more frequently. According to a statement made by the American Orthotics and Prosthetics Association, the average prosthetic costs between $1,500 to $8,000. This expense is often paid out of pocket rather than covered by insurance. By contrast, a 3D printed prosthetic cost
Read more

What are some of the latest waste-to-energy technologies available?

Image
Introduction: Landfills emit by-products like methane, dioxins and leachate (a toxic liquid that is formed when waste breaks down in the landfill and filters through waste), which, when left untreated, can leach into the soil, contaminating water sources, plants and even food. Waste-to-Energy (WtE) technologies that process non-renewable waste can reduce environmental and health damages, all the while generating sustainable energy. Types of waste: At present, waste is classified as the one of the following: Municipal solid waste (MSW) Process waste Medical waste Agricultural Waste Figure 1: Utility scale plants with different feeds The World Energy Council (2016) reports that according to the current rate of waste generation, global waste is estimated to reach 6 million tonnes/day by 2025. So, increasing utility scale WtE plants using MSW or agricultural waste would be a constructive way to deal with waste, as evident from figure 1
Read more

The Spiral Pump: Pumping Water Without Electricity

The spiral pump (also known as water wheel pump) is a hydraulic machine that pumps water without electricity. With the global efforts to reduce carbon emissions, the increased focus on renewable energy is making the spiral pump a viable option for pumping water, especially in rural areas and developing countries. Simple installation and low maintenance costs make the spiral pump a favorable, environmentally-friendly alternative.  What Is a Spiral Pump and How Does It Work? A spiral pump is constituted of a pipe wrapped around a horizontal axle, generating a spiral tube that is fastened to a water wheel. The water wheel is in flowing water, so that the water in the river provides the energy necessary for the rotation of the wheel. Hence, the spiral tube also rotates. When the inlet surface of the tube (the tube’s external extremity) passes into the river, water enters into the tube. This water volume moves toward the outlet of the tube (the internal extremity), at the center of the
Read more