GDPR: Is Your Organization Ready For This Major Shift?
The General Data Protection Regulation (GDRP), which officially became law for the European Union on May 25th, represents a major shit. The new rule will no doubt change the habits of almost all companies that provide services to European citizens as it gives citizens new rights while imposing new rules onto companies and organizations.
Is your organization ready for the GDRP? Should you be worried? Here’s a quick guide to help you navigate the new world of data privacy.
What is the GDRP?
Online giants today are collecting and analyzing an incredible amount of personal data to provide personalized services, such as targeted ads, personal digital assistants, custom recommendations and much more. The GDRP is a new rule that seeks to reconcile users’ right to privacy with technical innovations by clarifying the rights of users and the types of services that all organizations and companies must provide.
From now on, European citizens will be able to use the GDRP to defend their personal data and their right to privacy if they feel an organization is using their data recklessly or in an overly intrusive manner. All companies and organizations that offer services to European citizens, including companies located elsewhere that offer online, web-based services, have to comply with this new rule. Many public organizations, such as public schools, will also have to make sure that their services are compliant.
Thanks to the GDRP, citizens and employees now have many new rights: the right to privacy, the right to protection, the right to be forgotten, access rights, modification rights, deletion rights, the right to make mistakes, transparency rights, the right to know, the right to be told, the right to be unlisted, portability rights, opposition rights, conversation rights and transfer rights. Companies and organizations, on the other hand, now have new obligations: non-evaluation, non-profiling, equal treatment of all citizens, transparency, adoption of internal rules to protect privacy, including naming an individual officially in charge of these duties and much more.
Companies will also have to conduct a study before rolling out a new service that involves data collection to ensure that they have adequately reviewed the potential risks and impact of this new service on citizens. They will also have to make sure proper cybersecurity safeguards are in place to ensure that the personal data of citizens is safe and well protected.
To navigate the GDRP, many observers believe that most companies will choose to put into place an official Data Protection Officer to implement, manage and coordinate all of the company’s new GDRP-related responsibilities. Penalties and sanctions related to non-compliance with the GDRP could be swift and severe, with the highest penalty being 4% of an organization’s sales revenue. To give you an idea, 4% of Apple’s sales revenue would mean an 8,6 billion dollar fine!
Getting companies to focus more on data protection
The mere possibility of a fine has already motivated organizations to be pro-active and review their practices. These changes won’t be easy to implement and they won’t be cheap. For a company that possesses several sub-divisions that are involved in different areas or sectors, compliance with the new rule could cost several millions of Euros as companies will have to develop new services and functionalities to respect the new rights of users, such as the right to be forgotten.
While the GDRP represents an important hurdle to overcome in the short term, it could also become, in the long run, an opportunity for many companies. According to a study by the firm SendinBlue, 77% of consumers believe the transparency rules imposed by the GDRP will play a role in how they evaluate products and services moving forward. Embracing data privacy could therefore help companies differentiate themselves from their competitors and successfully attract new users.
For companies, the best way to succeed and to transform themselves to become GDRP-compliant is to tackle the problem collectively and ensure that every division and sub-division is involved in this process. For more information about the GDRP, you can consult the following website.
Is your organization ready for the GDRP? Do you have GDRP-related questions or concerns? Let us know in the comments section!