What is GDPR?
In the interest of safeguarding the personal data and privacy of EU (European Union) citizens, the European Parliament adopted the General Data Protection Regulation (GDPR) in April 2016. It is a regulation that requires all businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The regulation also puts constraints on the export of personal data outside the EU.
Under the regulation, all organizations that collect data of EU citizens will need to adhere to the rules laid down by the EU Parliament by 25 May 2018. The GDPR will set new standards for consumer rights with respect to their personal data while creating challenges for businesses as they put systems and processes in place to comply.
The regulation has sent ripples of concern among companies. The GDPR takes a wide view of the details that companies need to safeguard. They are:
• Basic identity information such as name, address and ID numbers
• Web data such as location, IP address, cookie data and RFID tags
• Health and genetic data
• Biometric data
• Racial or ethnic data
• Political opinions
• Sexual orientation
Businesses that may acquire such data will have to ensure the same standard of safety for details such as an individual’s IP address or cookie data as they do for general information such as name, address, and social security number. Furthermore, two-thirds of U.S. companies have shown concerns about the strategy they use in Europe, and 85% of these believe that GDPR has put them at a competitive disadvantage with EU companies, according to reports by Ovum, a neutral monitoring agency.
Why is GDPR needed?
An RSA Data Privacy & Security Report, based on a survey of 7,500 consumers from France, Germany, Italy, the UK and the U.S., revealed that 80% had concerns, with the primary concern being the loss of their financial data. Losing security and identity information was a worry for 75% of those surveyed. In what could be construed as bad news for companies that deal with consumer data, 62% of those surveyed by RSA would blame the company and not the hacker for the compromised or lost data.
Lack of trust in the way that companies handle the personal data of consumers has pushed 41% to give wrong data when required to provide data online, in order to avoid risking their real information being leaked or compromised. If their data is leaked, consumers blame the company and are unforgiving, saying they will stop using its services or products. They would rather shift to companies that take the safety of their personal data more seriously, said the report.
Companies that don’t comply with the GDPR by 25 May 2018 will have to pay a hefty penalty of €20 million or 4% of their annual global turnover, whichever is higher. The Ovum report suggests that 52% of the companies are afraid of penalties being imposed.
‘The single most significant regulation in the history of digital advertising’
All publishers, big or small, and magazines in Europe and the U.K. will be subject to GDPR compliance by 25 May 2018. By adhering to the new regulations, OpenX, an independent advertising technology provider, became the first publisher to comply with GDPR four months before the implementation of the regulation.
Doug McPherson, chief administrative officer and general counsel at OpenX, commented in a press release, “GDPR is the single most significant regulation in the history of digital advertising.”
Moreover, according to Reuters, Google requires publishers to obtain consent from their users for data collection, which is the main aspect of Google’s ad-serving business.
A group of publisher trade groups has sent a letter to Google parent Alphabet expressing dissatisfaction with Google’s plans concerning the European Union’s new General Data Protection Regulation, Reuters reports.
The letter, from the News Media Alliance, Digital Content Next, the European Publishers Council, and the News Media Association, says that Google aims to require publishers to get user consent for the data collection that’s the key component of Google’s ad-serving business.
Publishers were also displeased that instead of a “processor” of data as defined by GDPR, Google aims to be a “controller,” giving it more power to use information such as reader data, Reuters reported. “Your proposal severely falls short on many levels,” the publisher groups wrote to Google Chief Executive Sundar Pichai.
The plan “would undermine the fundamental purposes of the GDPR and the efforts of publishers to comply with the letter and spirit of the law,” they wrote. Google couldn’t be reached for comment, according to the Reuters report.