With so much hue and cry over data protection and privacy, there is a new law that goes in effect from May 25 in Europe that will also affect a lot of users and businesses around the world. It goes by the name of GDPR, a.k.a. General Data Protection Regulation. For starters, this will be effective in Europe across 20 countries, but eventually, it might just be a blueprint for many countries in Asia as well as the USA that plan to make data privacy for users their utmost priority. In 2017 alone, the number of malware and ransomware attacks on various servers did give us a warning sign of how this so-called fourth industrial revolution will shape the world in which information has become synonymous to power. Cambridge Analytica scandal was probably a nail in the coffin. But GDPR is not something of a knee-jerk reaction by the European Union. It has been in the making for a while now, and all these malicious attacks and misuse of user data have just proven how it has become necessary to keep a check on companies that thrive their business on user data. At News18 Tech we try to answer all the questions you might have regarding GDPR.
What is GDPR?
The GDPR (General Data Protection Regulation) law will be implemented starting May 25, 2018, in Europe. It is a replacement for the 1995 Data Protection Directive. The Data Protection Directive till now has been used for setting the minimum standards of processing data in European Union. It was quite basic and there was a need to make it more stringent. The GDPR implementation promises to strengthen a number of rights that users will have over companies that rely on their data. Post-GDPR individual users can demand companies like Facebook, Google, WhatsApp to reveal or delete the personal data they hold. This will also be a pan European Union regulation that will help regulators to work in across the EU for the first time. Earlier regulators had to launch separate investigations in each jurisdiction. This most of the time gave companies loopholes to exploit and the enforcement of these regulations was tough. The minimum fine upon breaching GDPR is also reaching as high as 20 million euros or 4% of the companies global turnover. This is harsh for many companies and tech startups and will ensure that individual data protection compliance is kept at the highest priority by these companies.
What All Companies Are Covered Under GDPR?
In effect from May 25, GDPR will almost affect every company that you can think of. The biggest to take a hit would be companies that hold or process large amounts of consumer data. These will include your e-commerce websites like Amazon, tech companies like Facebook, Twitter, Google and even firms, marketers, data brokers and social farms that work for other companies for acquiring or processing consumer data. With huge sums of data, even complying with basic requirements of the GDPR will pose a huge task for many companies. Many companies right now don't have or have even implemented the tools for collating all the individual data that they hold on a user. This makes it a massive cleanup or reorganising of data for these companies.
The biggest impact of GDPR will be on firms and companies whose entire business model relied on acquiring consumer data and exploiting it for revenue gains. Now these companies will have to ask for consent from users whose data they hold and specifically tell them the purpose for which their data will be used. This consent will also have to be taken every time these firms try to use the data for some other purpose than previously agreed upon by the individual.
What Happens To The Big Tech Companies?
We all know that Mark Zuckerberg has been on a world tour to apologise and rectify his companies image when it comes to misuse of data. Facebook has gone on record to make their commitment to the GDPR compliance strong. Facebook has also launched a range of tools that unify privacy options for users as well as a recently launched 'Request Your Account Information' tool on WhatsApp. Facebook has also made sure that all old and new users opt for the new privacy policy and are even giving users an option of opting-in to facial recognition technology that is used to recognise you in photos that you or your friends post on Facebook.
Companies like Apple have also put in a new privacy dashboard and also gloated that they never really collected any personal data from its users, unlike their competition, so they didn't have much to comply with GDPR. Google on the other hand, which in a way controls the maximum user data in the world, went into a ninja mode to quietly update its products and privacy policies. I bet many didn't even notice how subtly Google did that.
Microsoft's India's President, Anant Maheshwari, recently wrote in a blog how, in February of 2017 Microsoft had announced that they would be GDPR compliant across our cloud services by the deadline. He wrote "We embraced GDPR proactively. It is also a matter of great pride that we have helped customers round the world be GDPR-ready ahead of time."