GDPR fines may be the first step in a battle for privacy that EU companies must wake up to.
GDPR (the General Data Protection Regulation) was introduced in May 2018 as a means of ensuring EU citizens’ privacy, and even now firms are struggling to catch up. A large number of internationally based websites will reject traffic from EU27 countries rather than risk falling foul of the regulation.
This isn’t a viable option for most businesses, and staying safe from GDPR fines requires careful attention to the legislation. GDPR will impact everything from marketing emails to blockchain, so there won’t be many businesses that aren’t caught up in the changes.
Being based in the US is no protection from GDPR regulation, thanks to the Privacy Shield. The Privacy Shield became active in 2016, and allows the EU to litigate against US companies that have breached the privacy of EU citizens. Numerous US states will be introducing their own data laws, so this legal action can go both ways.
It’s important for websites to make clear which ‘cookies’ (data files used to personalise and also track a user’s online experience) are used, and how to disable them if desired. Installing cookies without a user’s consent is likely to be the most common violation of GDPR regulations, and potentially the violation most susceptible to fines.
For internet search results, GDPR includes an expansion of the ‘right to be forgotten’, first introduced in 2014. If an internet search for a person’s name brings back a link to information that could have a negative effect on their privacy, they can ask the search provider to remove it. If the provider refuses, in the UK the issue can be referred to the Information Commissioner’s Office (ICO). Grounds for a removal request include the results containing information about the individual that is ‘inaccurate, inadequate, irrelevant or excessive’.
GDPR has been described as ‘the most important change in data privacy regulation in 20 years’, and there will be legal cases and fines. A company’s compliance will only truly be tested in the courts, so businesses would do well to follow regulations carefully now to save a great deal of hassle and expenditure in the future.