With the adoption by the European Union of new privacy protections, the use of customers’ data by businesses will be under increasing scrutiny in the U.S. as well as in Europe. The new protections take effect today.
If you are a business owner or manager, it’s important to understand what the new protections are and how they may affect you.
In this post, we will use an FAQ format to inform you about these issues.
What are the new European data privacy regulations?
The new data privacy protections by the European Union are known by the abbreviation GDPR. This stands for General Data Protection Regulation.
The GDPR broadens the definition of personal data and increases the rights people have over that data. The types of data covered include social media posts, electronic medical records and GPS location.
Who is covered by the GDPR?
The GDPR applies to residents of the 28 countries in the European Union. This includes Americans and other foreigners who live in those countries.
People from EU countries who live in the U.S. are not covered by GDPR. But U.S. firms with European customers will have to comply with GDPR or face fines of up to 4 percent of their annual revenue.
What rights of control over data does GDPR protect?
The GDPR requires companies to get authorization from people before collecting data from them. The request for this permission must be made clearly – especially when it involves sensitive information such as biometrics.
The GDPR also recognizes the right to have personal data deleted, if the person doesn’t want a particular company to have it.
How different is the GDPR from data privacy protection in the U.S.?
Generally in the U.S. companies can do what they want with people’s data. Facebook, in particular, epitomizes the way in which companies turn data into a commodity and sell it to others.
The U.S. does have certain protections for health and financial records. By and large, however, the U.S. lacks the types of controls that Europe has now put in place.
How are U.S. companies responding to the new European law?
The important thing to remember is that if your company does business with European customers, the GDPR applies. Even if you’re not based in the EU, if your company holds personal data of residents of the EU, the law applies.
Overall, it would be fair to say that companies are scrambling to understand the new law and undertake necessary compliance measures. But it’s also true that some companies view it as an opportunity to revisit how they handle customer data and how they use it to serve customers.