Online activities generate data that can be collected, stored, and shared. Shopping online, interacting with social media, installing mobile apps – all these actions leave a trail of data. Depending on the consumer’s location, these practices have remained largely unregulated – until now.
Starting May 25th, all businesses that engage with European citizens must adhere to new data privacy practices in Europe. The General Data Protection Regulation (GDPR) will replace the European Union’s previous data directive governing consumer data collection, storage, and usage, and aims to give consumers more protection and greater control over their personal data. One misconception about the GDPR is that it only impacts the 28 European Union countries. The regulation’s reach extends not only to European countries but also to countries outside the EU hoping to transact with European consumers.
Consumers will have more confidence in the privacy of their data. Brands must provide additional safeguards and processes to protect their consumers.
Under the GDPR, potentially crippling fines – up to €20 million or 4% of global revenues, depending on what’s greater – will be levied against businesses that fail to comply with the new law. While all companies are vulnerable, those with poor data-protection practices or those that incur data breaches due to their own negligence are particularly exposed.
The GDPR will have sweeping implications around the world, and Europe isn’t the only geography bolstering data protection laws. Canada and Australia are in the process of revamping their privacy rules, too, with other countries following suit. More than two-thirds of US companies believe the new laws will force them to rethink their strategies in Europe – and 85% expect European companies will be better equipped to address the regulations and, as a result, will wield a competitive advantage.
Think of the GDPR as a kind of consumer bill of rights governing data use. Under it, consumers have a variety of rights: