The General Data Protection Plan


Has your inbox suddenly been spammed with “Updated our Privacy Policy” emails? Don’t worry, that’s just companies rushing to comply with the General Data Protection Regulation that went into effect on May 25th.

The GDPR is a set of rules that requires companies to notify regulators about data breaches within 72 hours and to be transparent with users about what data is being collected and for what reason. One of the biggest game-changing rules for privacy is the right of EU residents to request access to review the personal information companies have gathered about them. They will also have the power to request that information be deleted, to correct incorrect information, and even to have the information delivered in a portable form. When these requests are submitted, a company has 30 days to respond. However, if that company is not yet GDPR-compliant and is incapable of responding, the data subject can then file a complaint with their local regulator.


Regulators are required by the GDPR to enforce the law. They can fine companies up to 4% of their global revenue for violations of the GDPR. Though 4% sounds small, a 4% fine on Amazon would cost them $7 billion. In Amazon’s case, although they report huge revenue, they have relatively small profit, and the fine would cost them over two years of profit. The GDPR won’t let regulators do nothing, even if they are not ready to audit a company’s security or figure out how to protect EU residents affected by a breach.

Even though the GDPR applies only to the EU and EU residents, many American technology companies do business in Europe and are rushing to become GDPR-compliant as well. Americans cannot make data subject access requests, however, nor can they request that data be deleted. But GDPR compliance is going to have spillover effects for them. As companies rush to keep up with the new regulations, it’ll only be a matter of time before all the pieces settle into place and they keep up with the flow of the privacy protections of the GDPR.

Photo by rawpixel on Unsplash