One morning you get up and, surprise! You find that someone has leaked your data without your consent. Well, to save you from such unpleasant and unwanted surprises, GDPR comes as your savior. Recently, Facebook leaked data, or to be more precise, shared data with Cambridge Analytica without the consent of the account holders. Since then, Mark Zuckerberg, Chief Executive of Facebook, has received quite a lot of flak for this breach of privacy. The Facebook-Cambridge Analytica scam is not the only one; there have been many such episodes in the past where data leaks have taken place. In response to all these data leaks, the European Union (EU) rolled out a new law, the General Data Protection Regulation (GDPR).
This new law seems set to tame the tech giants and make consumers the kings of their personal data. Individuals will now be able to monitor their data. Account holders can demand that companies delete or reveal their data. They are entitled to know how, where, and for what purpose their data is being used. GDPR will ensure that no such Facebook-Cambridge Analytica episode happens again. Not only social media platforms but also the banking, IT, and advertising sectors will be under GDPR’s watch. Tech titans have started updating their privacy policies and terms & conditions. According to GDPR, companies must notify users in case of a data breach. They need to notify regulators and the individuals whose data has been shared, and name the third party with which it has been shared. Facebook, for example, recently introduced tools that let its users manage, control, edit, review, download, and delete information that is shared on or with Facebook as well as with third-party entities.
Companies must also enhance their security policies. If an individual wishes to have stored data deleted, he or she has the right to request it. If requests for data erasure are few, companies can escape the operational impact by handling the requests manually. But if the ‘Right to erasure’ gains momentum, companies may need to maintain thorough data inventories, increase data governance, and rebuild key systems to process these requests more efficiently.
For companies with a large user database, it will be mandatory to appoint a Data Protection Officer (DPO). The DPO should be an expert in project and program management as well as in other areas such as risk assessment and compliance monitoring. Again, this will pose a challenge for the tech giants, as résumés with such skills are in short supply in the EU.
GDPR is “a good thing because it will help restore trust. Instead of impeding progress, GDPR and other consumer protection regulations reset the balance between advertiser and audience by giving consumers more control, directing technology be employed for more noble uses, and compelling marketers to interact with consumers in more meaningful ways that create positive sentiment and ultimately restore trust,” stated Michael Priem, founder and CEO of Modern Impact, a technology and advertising firm based in Minneapolis.
On the other hand, GDPR may bar some teen users from accessing social media, leading to a dip in the number of users for the tech giants. Teenagers under 16 can use social media with parental consent, which makes it a tad difficult for companies to balance complying with GDPR against maintaining their user numbers. GDPR’s violation policy will keep firms on their toes, as a violation can cost a company up to 4% of its global annual revenue.