European Union All Set to Welcome New Data Protection Law in May
Come May and the European Union will have a new data protection law, the GDPR, which would seek to secure the private information of EU citizens.
The GDPR ( General Data Protection Regulation) will come into effect on the 25th of May in the European Union; the main highlight of GDPR would be that it would require companies handling customers’ personal data to request consent from its customers before using the data for various purposes.
When the GDPR comes into being, it won’t be enough for companies to get customers to just click “yes” after scrolling through the exhausting set of terms in the fine print pages. They would instead have to be very clear and concise about their data collection intent and also as to how they would be using the personal data of the users/customers. This applies to data like names, addresses, IP addresses, browsing history etc.
The GDPR, which will be applicable to all publishers, banks, universities, tech companies etc that track user information across the web, applications and devices, would cover and protect people from all the 28 member countries of the European Union. They will get the protection even if their data is being processed outside of the EU’s jurisdiction.
The companies or website owners who handle personal data would have to declare whether the data they collect would in any way be used to create profiles of the users’ actions and behavior. European Union citizens, as per the GDPR, would have the right to access the information that companies gather and store. They can even correct inaccurate information and limit the use of decisions that algorithms make.
A highlight of the GDPR would be that children’s data would be getting strong protection; those under 16 would be able to access information society services only with parental approval.
With the GDPR getting implemented, businesses would have to appoint someone in the European Union as a liaison with the regulators and companies that have more than 250 employees would have to recruit a Data Protection Officer, whose job it would be to ensure that the company remains GDPR compliant. Reports suggest that companies are all set to spend big money to comply with the GDPR. Bloomberg reports– “The world’s 500 biggest corporations are on track to spend a total of $7.8 billion to comply with GDPR, according to consultants Ernst & Young.” The report further says- “Microsoft Corp. has 300 engineers working to ensure its software is GDPR-compliant. At Krones AG, a 15,000-employee German producer of bottling equipment, almost 60 people are involved in GDPR preparations. “The bigger an organization is, the bigger a nightmare it is,” says Julian Saunders, chief executive officer of Port, a U.K. startup selling software that helps clients control who gets access to data and creates audit trails to monitor privacy.”
Though the GDPR has been in the making for almost a decade, many companies outside Europe hadn’t bothered much about it till recently. The Bloomberg report says, “Even so, many companies outside Europe have only recently awakened to the fact that GDPR affects them. And few can be sure they’re really ready, with researcher Gartner estimating that more than half the companies affected by GDPR won’t be compliant by the end of the year.”
The GDPR intends to change the landscape of how data is being gathered and handled by companies and to give users more control over what they want to share or not. There are of course critics who point out that the law is too vague in important aspects.
Kevin Jones905 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.