The EU General Data Protection Regulation (GDPR) is designed to establish a single set of rules for data privacy across Europe and to strengthen consumer protection. The GDPR has been under discussion for several years as we continue to live with the legacy of the law failing to keep pace with technological development. Under the new data regulation laws organisations will be required to take on greater responsibility.
Remember the cookie law, the reason why we now have to deal with banners and pop-ups? GDPR requirements are similar to those of the cookie law but this time there are stringent fines for non-compliance. Proposed penalties will be up to two per cent of an enterprise’s global annual turnover. The GDPR aims to bring clarity to the privacy information currently hidden behind the tick-boxes with which we are so familiar on European sites.
The GDPR will impact many areas of business operations, including sales and marketing departments. Inevitably, however, digital interfaces will be at the forefront as organisations are challenged to comply with the regulations and to make significant changes to data protection and security without adversely influencing the customer experience. The GDPR will impact any organisation which gathers, processes or stores personal data; any information about an individual, whether it relates to his or her private, professional or public life. Companies will be required to adapt to the new regulation over a period of two years.
There may also be implications for global organisations as the new law will not only apply throughout the EU, but also to companies based outside the EU with a presence in the market, and jurisdiction will be tied to the offering of goods or services to EU citizens or to the monitoring of their data.
This month the European Council approved its version of the GDPR and the next stage is for the European Commission, European Parliament and European Council to jointly agree on the text of the regulation, with the development of a final version scheduled for December 2015.
“It will ensure a high level of protection for citizens. It will equip them to exercise their fundamental rights in the digital world. This will increase their trust in the digital economy.” Commissioner Věra Jourová’s remarks