The General Data Protection Regulation (GDPR) is a set of far-reaching regulations that govern how European Union companies deal with the personal data they gather from individuals – and the regulations also directly impact companies from across the world that do business with any of the member states in the EU.

The question on everyone’s mind in the run-up to the roll-out of the GDPR regulations was just why such regulations were required.

The public’s increasing outrage at the way that companies were harvesting and then monetizing the private data that they had gathered proved to be the driving force behind the development and roll-out of the GDPR.

In a survey, more than 7,000 consumers in the EU, the United Kingdom, and the United States revealed that 80 percent of consumers said lost banking and financial data is a major concern. Three-quarters of those surveyed said that lost security information worried them deeply.

The same survey revealed that more than 60% of the respondents would blame the company that hackers attacked rather than the hackers themselves for any data loss.

Clearly, there were enormous concerns.

In the past month, the EU regulators have proven that the regulations are no ‘paper tiger.’ During the recent grilling of Facebook CEO Mark Zuckerberg by EU parliamentarians, it became abundantly clear that not only is the EU treating privacy as a serious topic – it is also not afraid to exercise its powers when it comes to sanctioning individual companies.

However, the sheer scope of the new regulations is presenting companies in the EU and across the globe with challenges in how they collect personal data and handle the issue of privacy.

The first challenge for companies will be for security teams to come to grips with what constitutes personal data. The GDPR has an almost all-encompassing view when it comes to this definition. It is not only information such as social security numbers, addresses, and names that are protected, but it also touches on subjects such as the use of cookies and the IP addresses used by individuals.

These definitions prove tricky for companies trying to comply with the stipulations set in place by the GDPR as far as data protection and privacy are concerned. For instance, the regulations insist that an organization must put ‘reasonable’ safeguards in place to ensure that customer data is protected. However – just what constitutes these reasonable safeguards is not made clear in the GDPR.

Nevertheless, companies are scrambling to comply. The GDPR has a global reach. It affects companies in the EU and those who do business with the EU. But it also affects companies that use data gathered from residents of the EU.

And complying is not going to be cheap. PwC estimates that 68% of companies based in the United States will be spending between $1m and $10m on compliance issues. Almost 10% expect to spend over $10m.

Clearly, companies will have to step up their game if they want to continue doing business that involves data connected in any way to the European Union.
