If you’re a business handling personal data, you’ll know: GDPR has changed everything. No longer can organizations freely collect data on people around the world. Now, no matter where an organization is located, it is still expected to treat EU citizens’ personal data in accordance with the GDPR.
The fundamental goal of the GDPR is to put the consumer in firm control of their personal data.
That’s an understandable goal given the widespread data breaches that have occurred. Or even the misuse of data by online companies. Indeed, 92% of EU citizens reported being worried that mobile apps collected their data without their consent. Most people also believe companies secretly misused their data.
A few years ago, such claims would have been met with scepticism. It was the realm of conspiracy theorists.
However, the Facebook-Cambridge Analytica scandal exposed how Facebook data could be harvested on a vast scale without users’ consent. This led to a significant backlash against Facebook, as many were concerned the information had been used to shift the outcome of critical elections.
Nor is Facebook alone. Uber, Google, Apple, and more have all come under fire for the invasion of privacy.
That’s why the EU government began testing the GDPR in 2016, before full implementation in 2018. Now, all organizations worldwide must comply with the data regulations.
But what does this mean for business and consumer technology users?
Almost everyone online will have noticed the cookie request bars that pop up on every site. They’re annoying, sure. But they’re also a sign of a changing culture. No longer is collected personal data out of a data subject’s hands. Instead, data subjects merely lend their data to an organization.
That’s because of the strict consent requirements embedded in the GDPR. Consent cannot be hidden in jargon, nor can it be vague and all-encompassing. Instead, users must be clearly informed about what personal data is being collected and why. Then, if they later decide they don’t want to participate anymore, they can ask for their data to be deleted.
In short: only yes means yes.
In an ideal world, only you could look at your data online unless otherwise stated. That’s not currently the norm. Although, with GDPR, that’s rapidly changing.
Already banks perform end-to-end encryption to protect your financial information. But so do Google and Facebook – even though it’s not strictly necessary. Now, everything sent online may become encrypted.
That means no more data breaches. If the data is exposed, it will only contain harmless encrypted files – not your most critical personal data.
When the internet first started out, it was the wild, wild west. Everything was possible; anything went. That’s no longer the case. With vast companies now controlling significant portions of the web, it’s time to regulate and rein in their practices.
The GDPR does just that.
If an organization wants to collect your personal data, it must now do so under the strict eye of the EU. Failure to do so opens it up to fines. It also allows users to seek compensation for material and non-material damages resulting from regulation violations.
Nobody is above the law. Not even big tech firms like Google, which was fined by the French authorities for improper informed consent.
People have lost trust in the internet. Gone is the initial dream of freedom envisaged by the internet’s founders. Today, it’s presumed that vast corporations like Google or Facebook are using personal data for nefarious purposes.
The GDPR tackles this problem head-on.
GDPR non-compliance comes with some tough penalties: either 4% of annual global revenue or €20 million – whichever is higher. With consequences comes law and order. It knocks unruly online giants into line and ultimately yields greater trust in the internet.
That’s particularly true when regular people see major corporations being held to account. For example, British Airways faced fines of €200 million for a data breach in September 2018. Meanwhile, Marriott International was fined tens of millions for a data breach between 2014 and 2018.
With great rights comes great bureaucracy. Not everything about the GDPR is perfect. Though for the average business and consumer technology user, the downsides are more of a nuisance.
Every form must now contain ample information about what is being consented to. There must always be consent boxes and opt-outs scattered through an organization’s online presence. Moreover, even in B2B interactions, once-commonplace activities are no longer possible.
For instance, you cannot exchange business cards then enter the information into your company’s mailing list. There’s no paper trail, no written consent.
For smaller companies, that places a significant bureaucratic burden on their activities. It also limits opportunities for users that once existed by restricting the flow of data. Considering many of the greatest recent innovations have spawned from big data analytics, the result may be slower progress going forward.
Nevertheless, the GDPR is here to stay. Overall, that’s probably for the best. Personal data is too important to be subject to frequent data breaches or left to the whim of tech companies’ morality. Instead, like health data, personal data should be subject to stringent regulatory protection.
That companies are regularly fined for breaches demonstrates the need for regulation, but also how difficult it is for companies to always remain compliant.
Ultimately, however, increasing business and consumer technology users’ trust can only be a good thing.