Forget everything you knew about data protection
In 255 days, the new EU Global Data Protection Regulation* (GDPR) will come into force. Who’s counting? Well, millions are. And millions of others should be. Because GDPR is perhaps the most significant change to data protection since the emergence of the digital economy.
By now we all know that data is the ‘new currency’. Some emerging business models have turned data mining into practically the new gold mining. Even if it’s not your core business, data is still the lifeline of nearly every modern industry. Yet, the (lack of) protection of personal data has also become a source of popular concern, especially in Europe. It is therefore no wonder that decision-makers have been growing more and more interested in ensuring data is properly secure.
EU regulators decided to take the lead. As of 25 May 2018, any data on any European citizen will have to be kept under strict privacy rules.
GDPR presents a new set of rules on how data should be collected, processed, retained, and deleted. It determines the time to inform on any breach (72h), the potential fine (up to 20 million euro or 4% of global turnover), and those responsible (pretty much everyone and anyone who had access to the data at some point). So yes, GDPR has a huge impact on business. It creates challenges as well as opportunities.
The jurisdiction of the new regulation does not depend on the location of the service provider but rather on the location of the customer (or person whose data is collected). This means GDPR will definitely apply to the American tech giants who provide services in Europe. But even a local flower shop in Arizona or an independent artist in Brisbane will find themselves covered by GDPR if they want to take orders from anywhere in Europe.
The new regulation might therefore increase privacy norms all around the world. It would probably be easier for international companies to become entirely GDPR-compliant rather than setting up distinct GDPR-compliant divisions only for European clients. It could also start a snowball effect among other national regulators who might follow suit with similar regulations (immediate suspects include Canada, post-Brexit UK, and perhaps even Japan).
Many questions still remain: will GDPR constitute an obstacle for EU companies in the global market or rather give them a comparative advantage? Will we see a slowdown in the collection of Big Data or rather the creation of new jobs for security specialists? Will the EU standards become the new global norms? And finally, will the industry be ready in time to comply with GDPR?
Join me and representatives of the European Commission, Co.Station, Proximus and Awingu on September 21st to debate and find some answers to these questions.
Wherever you are, make sure you’re ready for GDPR!
*The views and interpretations in this article solely represent the author and do not reflect the position of the European Commission.