The Future of Compliance & Data Privacy
By Michael Fiorito, VP of Business Development at MDS
What is GDPR?
The General Data Protection Regulation, or GDPR, is a set of regulations developed to protect the data and privacy of EU citizens. GDPR is the most impactful change in data privacy regulation within the last decade. It gives EU citizens more control over their personal data. Because of the threat of hefty fines for non-compliance, organizations have begun to take it seriously. Companies can be fined as much as $23 million or 4% of annual global turnover for infringements of articles under the new regulation.
Slapped in the Facebook
As a direct result of the Cambridge Analytica scandal in November 2018, Facebook received the maximum fine of $663,000 USD from the Information Commissioner’s Office. This was the largest financial penalty available under the 1998 Data Protection Act. If full GDPR regulations had been applied, the charges would have been much higher. While this barely amounts to a rounding error for Facebook, it shows that data privacy is being taken seriously.
GDPR is an EU regulation. It is the opening act for data protection and privacy. We can be sure that GDPR will serve as a reference model for other countries to develop their own framework.
Some companies in the United States are required to comply with GDPR. Beyond that, we can expect other states to implement regulations like the California Consumer Privacy Act (CCPA). Expect a global proliferation of similar regulations.
But the fact is that meeting GDPR and CCPA compliance requirements is only the tip of the iceberg. Organizations should take data privacy seriously. This means continuing to dedicate effort and resources to creating a strategic, innovative and complete global data program.