New European privacy regulations that were to go into effect on Friday will force companies to be more attentive to how they handle customer data, while bringing consumers both new ways to control their data and tougher enforcement of existing privacy rights.
The European Union General Data Protection Regulation (GDPR) replaces the bloc’s patchwork of rules dating back to 1995 and heralds an era where breaking privacy laws can fetch fines of up to 4% of global revenue or €20 million ($23.48 million), whichever is higher, as opposed to a few hundred thousand euros, Reuters reported.
Many privacy advocates around the world have hailed the new law as a model for personal data protection in the Internet era and called on other countries to follow the European model.
Critics, though, say the new rules are overly burdensome, especially for small businesses, while advertisers and publishers worry it will make it harder for them to find customers.
The GDPR clarifies and strengthens existing individual privacy rights, such as the right to have one’s data erased and the right to ask a company for a copy of one’s data.
But it also includes entirely new mandates, such as the right to transfer one’s data from one service provider to another and the right to restrict companies from using personal data.
Activists are already planning to leverage the right to access one’s data to turn the tables on large Internet platforms whose business model relies on processing people’s personal information.
That means companies will have to put in place processes for dealing with such requests and educating their workforce because any non-compliance could lead to stiff sanctions.
Studies suggest that many companies are not ready for the new rules. The International Association of Privacy Professionals found that only 40% of companies affected by the GDPR expected to be fully compliant by May 25.
Add new comment
Read our comment policy before posting your viewpoints