The General Data Protection Regulation (GDPR) in the European Union is changing the way companies all over the globe collect and use personal information. The new privacy law affects every organization that does business with people inside the European Union and collects their personal information. Failure to comply with the new law will result in a fine of either 4% of the company’s worldwide sales or up to 20 million euros, whichever is higher. The new law took effect on May 25, 2018.
Many companies that want to continue doing business with people in Europe are complying with the new data law, but others that were not prepared for the change are finding it hard to comply, since it can cost up to $1 million to modify their privacy practices. Some companies feel that the European market is not worth pursuing because of the amount of work it will take to comply with the new data protection law.
The GDPR requires companies to get clear consent from users before using their data. Terms and conditions written in jargon that most users cannot comprehend and do not read, but agree to in order to use a website, will no longer be allowed. Users now have the option to opt out of having their data used for targeted ads. In particular, collecting information from children under 16 years old without clear consent from their parents is prohibited.
The data affected by the new law include credit card numbers, religious beliefs, travel records, biometric data from fitness gadgets, web search results, and internet and personal computer IP addresses.
Companies with more than 250 staff need to hire a data protection officer (DPO) who will make sure that the new law is followed. In case of a breach, the DPO is responsible for reporting to the authorities within 72 hours, and if there is an imminent threat to the user, the user will be notified. A DPO is also required for companies that have fewer than 250 employees but collect a significant amount of data.
Consumers now have free access to the information gathered from them and to how it is used. Data that is no longer useful or accurate can be deleted. Websites that had already collected data need to ask users for consent again.