Technology has advanced a lot in the past twenty years. The majority of us are now connected to the internet through one or more devices, constantly browsing the web and sharing personal moments over social media.
We’ve really come a long way in terms of technology, and so have companies. From tracking our habits and behaviours to targeting ads, companies have long mastered the skill of monetising individuals’ data.
One of the most recent scandals involved Cambridge Analytica. The incident, in which an estimated 87 million Facebook profiles were harvested to influence the 2016 US election, caused an uproar, with Mark Zuckerberg (Chief Executive of Facebook) testifying before Congress.
However, as events unfold, it becomes more evident that there is little that can be done to regulate the company, as illustrated by the rise in the company’s shares following Zuckerberg’s day in Congress. In fact, this rise was its biggest one-day gain in close to two years.
What is GDPR?
As companies gain more power with little at stake, it is becoming evident that regulations need to be in place to help protect individuals.
The EU General Data Protection Regulation (GDPR) is an effort to rectify the current state of affairs. Described as “the most important change in data privacy regulation in 20 years”, it is a provision that requires businesses to protect the personal data and privacy of EU citizens.
Set to be enforced from the 25th May 2018, the GDPR will be a challenge for many companies as they prepare for the changes. In a survey conducted by Propeller Insights, 53% saw the technology sector as the most impacted by the GDPR, followed by online retailers and software companies.
What the GDPR reflects is a growing public concern for privacy protection and a distrust of how major companies handle personal data. The effect of this public distrust is also an interesting one. According to an RSA report on data privacy and security, due to concerns about data being resold and unwanted marketing, 41% of respondents said they would intentionally falsify data when signing up for services online.
What does this mean for the future?
While the GDPR states that the rules apply to EU citizens, it also has an impact on entities operating outside of European jurisdiction as long as they are managing EU citizens’ information. For example, if companies or even service providers manage the personal information of EU citizens who work as expats in the Asia Pacific region, the GDPR will also apply.
Under the GDPR, companies will have to report a breach within 72 hours. This stringent regulation means that companies will have to be more mindful and aware of the processes that go into the handling of personal data. The GDPR will also put pressure on companies to be more responsible for the data they own rather than seeing it as a limitless mining asset.
We predict that the GDPR will reshape not only how companies operate in terms of technology and services but also the way companies manage their data and information security frameworks globally.
Is your company ready for GDPR? Learn more on the official EU GDPR portal.