One Year of the General Data Protection Regulation (GDPR): How Were Global Players Affected?
Exactly a year ago, on May 25, 2018, a new data protection regulation took effect, sending shock waves through the global IT industry.
The European Commission (EC) proposed the General Data Protection Regulation (GDPR)!
Termed the game-changing data privacy regulation that the world has witnessed in years, GDPR proposed some stringent initiatives, such as:
- Regulating the processing of personal data related to individuals in the EU
- Responding to rights requests within 30 days of the request being placed
- Filing with regulators within 72 hours of a data breach incident
These are only a few; GDPR has introduced many more such revolutionary data regulations.
Over the last year, GDPR has had a notable impact on major industry players across the globe, irrespective of region, size and service offering.
Here are some:
1) Following a data breach that compromised personal information, including emails and passwords, of more than 3 lakh users, the German Data Protection Authority (DPA) charged ‘Knuddels’, a web-based chat application, with a USD 22,500 fine
2) Search engine giant ‘Google’ was also charged a USD 57 million fine by the French data privacy authority ‘CNIL’ for failing to disclose information to users on how data was collected and dealt with for personalized advertisements
3) Social media leader ‘Facebook’ also faced a USD 652,000 penalty from the UK’s Information Commissioner’s Office (ICO) in the Cambridge Analytica scandal that involved illicit access to personal data of around 87 million users
4) UK’s ICO also charged Yahoo! with a USD 326,000 fine for a cyber attack in 2014, where critical information, including passwords, of 500 million users was exposed
5) British Telecom was also challenged with a USD 100,000 fine for sending around 5 million unwanted marketing emails
6) US-based data analytics firm Equifax was also charged with an approximate USD 652,000 fine for a 2017 data breach issue that exposed sensitive financial information of around 15 million users to hackers
List not exhaustive! There are many companies that had to face such critical challenges due to GDPR initiatives about data privacy.
As a result of GDPR’s stringent measures, many firms began taking the following necessary actions pertaining to data privacy:
- Ensure employee compliance through operationalized privacy policies, and keep a strict eye on non-compliance
- Identify and map data sources
- Establish strict procedures to document, update and maintain data registers, logging information about storage systems and devices
- Employee training on ways to protect personal information
- Rethink data retention and classification capabilities by updating records, implementing stringent data disposition practices and updating data classification programs
The entry of GDPR has completely changed the industry’s perspective on data governance policies, which were once on the back burner.
What’s Next? CCPA On the Way!
After the revolutionary GDPR that began last year, the IT industry has already begun preparing for the next big data regulation, the California Consumer Privacy Act (CCPA).
If your business is:
- Operating in California with gross revenues exceeding USD 25 million;
- Buying, selling, receiving or sharing the personal information of 50,000 or more consumers;
- Deriving 50% or more of its business through selling personal information;
Then, data governance and privacy compliance are going to be more critical! CCPA will be effective from January 2020.
Stay tuned for a complete whitepaper on the CCPA regulation.