In 2018 data privacy was altered forever. From social media issues to the European Union’s new General Data Protection Regulation, data privacy has surged to the forefront of today’s business issues. Looking at how the GDPR has changed internet security in 2018-19, how does this currently affect individual data privacy, and how does it affect you?
Before the GDPR, individual data privacy was generally managed by the individual. In non-EU circles, it generally still is, but the GDPR responded to concerns about the use of personal information for corporate financial gain. By profiting from the capture and sale of names, addresses, and email addresses, as well as medical and financial information, without express permission, the largest corporate tech companies created revenue by invading people’s privacy.
Prior to the ratification of the GDPR, EU member states created their own data protection laws. This trend was rejected in the United States, but US corporations that do business globally now had strict new guidelines to meet in order to be able to use individuals’ data. The GDPR now required all businesses to report certain kinds of personal data breaches within 72 hours to an EU supervisory authority.
This not only gave the consumer rights in the collection and distribution of their personal data but also showed businesses how important data management is to customers, without whom commerce would evaporate. Before the GDPR, few organizations considered how a failure to protect customer, staff, and vendor information could hurt anyone but themselves. GDPR regulations led to a wholesale change in data management, staff training, and the level of investment in IT security.
One year after the ratification of the GDPR, the results are mixed. Companies have notified regulators of more than 59,000 personal data breaches. Sanctions for noncompliance carry serious fines: up to €20 million, or up to 4 percent of total revenue from the previous year. This has resulted in an equally serious approach to data security and security breach reporting. For a look at the first 8 months of the GDPR’s results, download the DLA Piper GDPR data breach survey, here.
On the one hand, we’re seeing a big improvement in data breach reporting speed. The mandate gives companies up to 72 hours to notify breached parties, so situations like the Yahoo! breach, where customers were not alerted for a year, are unlikely. We also have about a 100% increase in incident reporting.
On the other hand, the companies responsible for the 59,000 reported incidents have paid fines adding up to €55,955,871. When you consider that around 90 percent of that amount was a single fine paid by U.S. tech giant Google, that’s actually not as bad as it looks.
Also, a French GDPR regulator suggested that this could be attributed to the fact that the regulations are new rather than to ineffectiveness of the law. As long as regulators are actively enforcing the law, it should remain effective.
Similar to what happened in 2018 when the GDPR followed EU member state laws, American data privacy law is changing. Soon after the GDPR went into effect, the state of California passed the California Consumer Privacy Act. Colorado, Massachusetts, and Ohio quickly followed suit.
This is good news for individual privacy in the U.S., and it’s about time, considering some of the things that have happened to online consumers in the U.S. in recent years. Federal lawmakers are still shying away from jumping into the data privacy arena, but when states begin passing laws that change the norm, the U.S. Congress typically follows.