Sound familiar? You might have attended World Trade Center San Diego’s roundtable about Data Protection and Privacy Regulations for EU and APEC back in January.
Here’s some background:
Two years ago, the European Union adopted the GDPR, a regulation that harmonizes data protection and privacy laws for all EU individuals. We say EU individuals because the GDPR applies not just to EU citizens but also residents, workers, and even foreigners whose data is collected while on EU soil. Companies were given a two-year transition period to decide upon and execute a compliance strategy.
Some of the key issues addressed in the GDPR are:
- Enhanced rights of data subjects
- Digital consent
- Right to erasure
- Right of access/data portability
- Responsibilities of the data controller/processor
- Data Protection Officer (DPO) requirements
- Handling of data breaches
- Penalties for non-compliance
The GDPR is a complex legal framework that has been shrouded in controversy from the start. Some have argued that small businesses will be disproportionately harmed by the cost of compliance despite the initial target of the legislation being data giants, such as Facebook and Google. Not that compliance has been a breeze for those two companies either. As the EU’s judiciaries build precedent around this topic, the important thing for companies to do at this moment is to ensure that their privacy policies and marketing efforts comply with the updated regulations.