In May the European Union’s comprehensive data privacy regulations will have been in effect for one year. Anyone still in doubt regarding the seriousness with which these rules are being enforced should consider that in the first nine months alone, more than 59,000 data breaches were reported and 91 fines were assessed, including:
Even CCTV owners are accountable - in Austria a retailer with a closed-circuit camera in front of the store was fined for violating the privacy of passersby in what was determined to be “public space.”
An analysis of regulatory scrutiny reveals a pattern of specific areas of concern:
It is important to remember that GDPR authority to impose penalties does not stop at the borders of Europe. As the examples above indicate, any corporation conducting data collection or processing within the EU member states is subject to penalty regardless of the location of its headquarters. And the fines are significant - minor infractions can result in assessments of up to 12 million Euros or 2% of annual revenue; for serious breaches those numbers are doubled.
Although data privacy has become effectively federally regulated within the EU, the United States remains far behind in developing uniform rules. Data privacy falls under the purview of the Federal Trade Commission and eight other agencies, where little progress has been made to address the concerns embodied by the EU standards.
Into the breach come the individual states, with California enacting GDPR-like regulations that become effective in 2020. As many of the tech giants are located within California, the pressure on them will only increase to clean up their business practices and provide users with greater control over how their personal information is collected, processed and distributed.
U.S. companies would be well-served to adopt effective data management programs and consider the following:
Although the privacy genie is long out of the bottle, corporations are subject to financial and shareholder pressures that transcend state, federal or EU regulation. However self-serving, these influences may be the last bastion of defense against an implacable tide that seems forever rising.