GDPR And Its Impact

By EMG SOFT
On July 22, 2018

For more information about GDPR for software please contact amos@emg-soft.com

As internet penetration increases, the European Union is raising its standards of personal data privacy. As a result, the General Data Protection Regulation (GDPR) is going to be imposed, so the rules and the whole pitch will be different for companies that store, collect and process user information, like Google and Facebook.

These new amendments will impact users beyond Europe's borders. Every company that either operates in Europe or has European users must follow the strict GDPR terms. This law was introduced in April during the testimony of Mark Zuckerberg, Facebook's CEO. This decree is a very positive step for the internet because it gives privacy and security to its users and makes it more transparent.

No doubt GDPR is going to be a major factor in steering not only Facebook's data privacy policies but also those of other similar companies. Banks, health care providers and other companies dealing with sensitive personal data have to comply. The EU is setting a global standard for data privacy.

Recently there have been many security breaches that exposed not only credit card information but also other sensitive personal data. The list includes big names like Uber, Orbitz, Saks and Lord & Taylor. So the timing of this decree is quite auspicious. This law basically highlights how companies generate revenue from the data they collect.

So GDPR is going to change the whole outlook of online transactions, apps and services. Here is what we need to know about this law.

What is General Data Protection Regulation (GDPR)?

The GDPR legislation was approved in April 2018. This amendment replaces the directive governing data protection law passed in 1995 and aims to harmonize the 28 nations of the European Union. Changes to existing resolutions include:

· Intense punishment or penalty for noncompliance.

· Increased understanding among civilians of what personal data privacy is.

· Clarification of the roles and responsibilities of controlling and processing authorities.

· Restructuring of enforcement authorities to one supervisor per state.

· Unification of rules for how personal data of European citizens.

· If there is a data breach, companies must inform users within 24 hours.

Data Protected by GDPR

The decree covers a comprehensive range of personal data, including names, ID numbers and contact numbers as well as IP addresses, credit card numbers, digital fingerprints and cookies.

The EU protection supervisor defines it in GDPR as:

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

GDPR effect on Social Media

Social media companies and many online service providers have updated their privacy policies and terms and conditions in order to cope with the change in legislation. But the most scrutinized company is Facebook, given the recent events in which consultants working under Donald Trump were accused of embezzling the personal data of millions of US voters. Facebook’s track record has not been crystal clear in the past, when Facebook along with its subsidiary claimed that they own users' profile data and photos.

GDPR clearly states that this kind of activity is not acceptable. No one has the right to misuse users' personal data, whether he is the CEO of a company or the president of a country.

A large number of companies are sending notifications and alerts to their users about their latest privacy policies and terms and conditions. Companies like Apple have also changed their policies by introducing new privacy management tools which enable users to get a copy of their data, deactivate their account or request data correction.

GDPR Impact on Hacks and Breaches

GDPR makes it mandatory for companies that are hacked, breached or have lost control of customer data to inform users within 72 hours. If companies don’t follow this clause, they have to pay up to 4% of their annual global revenue as a penalty. Suppose Facebook fails to comply: it must then pay a penalty of $1.6 billion, which is 4% of its 2016 annual revenue (annual revenue of $40 billion).

GDPR stance on Rules for Minors

This legislation makes it obligatory for organizations and businesses to obtain parental consent to enable data processing for children under 16.

Scalability of GDPR

Most companies have their own rules and regulations regarding data breaches and other privacy issues, and mostly these laws are applicable to a limited type of data, i.e. financial information. So different countries are trying to follow the changing needs and are adopting this decree.

Let’s take the example of the US: the SEC issued guidance last month on how companies should disclose their risks and breaches. But both US and European consumer groups are joining hands and forming alliances to make companies adopt GDPR standards, especially including the personal data definition and other clauses of the law.

Conclusion

So, in short, GDPR is a very positive step by the European Union which is not only changing and improving online data security but is also forcing other countries to adopt this legislation.
