The General Data Protection Regulation (GDPR) was put into effect by the European Union. It is a legal structure that creates new rules for the collection and processing of personal data. The data protection policy intends to add another level of defenses to personal data. The GDPR also applies to all companies that deal with the data of citizens of the European Union. This policy has impacted many banks, insurance companies, and other worldwide institutions.

The History

Data privacy will only become more important as the reach of technology increases. We hear about more data breaches and system break-ins every day. It is a growing concern that every governing body needs to address. The GDPR was enacted in April 2016 and adds to the EU’s standard policy of protecting their people’s data. The regulation has set guidelines for data management and the rights of the individual people.

The GDPR also established sanctions such as fines and revenue-based penalties. The fines can be as hefty as 20 million euros or 4% of a company’s total global revenue. This regulation did not take effect across the EU until May 25, 2018. There are mandates that demand getting consent for data collection and giving notice in case of a hack or breach. It will also encourage companies to have stricter disaster recovery plans in place. These restrictions were enacted to deter companies from collecting data without permission or trying to sweep data breaches under the rug.

The Consequences

Any company that falls under the effect of GDPR now has to designate in-house dedicated data protection services. They are also encouraged to begin using aliases on personally identifiable information so that the data is difficult to trace back to a specific person. Before this privacy law, there was a growing trend of companies using massive amounts of data to predict future sales. This regulation will hinder that practice.

One purpose of the GDPR is to force companies to reduce the amount of data they require to complete a transaction. In the past, the practice was to collect as much data as possible and use it to see trends in sales. Companies would then use these patterns to better market to consumers.

The Criticism

There are parties that are opposed to the new policy and the rules it lays out. Many are calling the establishment of data protection officers an administrative hurdle too tall to leap. One challenge is that data cannot be sent to a country outside the EU unless the company can guarantee the same level of protection.

This aspect of the GDPR greatly affects cloud services and cloud storage. Cloud data protection is already touted as top-notch, but this policy will challenge that reputation. Personal information and data in the cloud environment will have to be regulated to the GDPR standard. This will bring new costs as companies will have to spend money to educate their people on data protection. Most challenging of all, data protection agencies from all over the EU have to agree on a standard level of protection. This will not be an easy task as everyone has different views on the guidelines and different ideas on what is enough protection. Companies now have two years to meet the guidelines set out by the GDPR. Many have already announced their new plans and strategies. It remains to be seen exactly how this new policy will affect business practices. With luck, it will reduce the fallout from data breaches and hacking events.