GDPR enforces practices that should have already been in place
The long-anticipated General Data Protection Regulation is finally upon us.
For the benefit of anyone who has been living under a rock, GDPR is a regulation put forth by the European Union that intends to ensure stronger data protection and better ownership of personal data for individuals in the EU. It gives control over personal data back to those individuals and includes some very severe penalties for any organization that does not comply.
Most notably, it makes no distinction as to whether an organization is based in the EU or internationally - if it processes the personal data of people in the EU, it has to comply with GDPR. It became enforceable as of May 25, 2018. Now, any organization that is not already compliant is exposed to fines of up to 20 million euros or 4% of worldwide annual turnover, whichever is higher, as well as orders to suspend or restrict processing.
Even if you haven’t been scrambling to ensure compliance, you’ve at least heard of GDPR in passing. And you’ve (hopefully) at least considered what’s involved in becoming compliant.
Ultimately, it all comes down to data hygiene. It comes down to knowing exactly what data is stored where, how that data is used, how that data is secured, who uses that data, and who has a right to it.
It also comes down to having systems and processes in place for effective data erasure, and resilient architecture to ensure that data remains available, so that access and erasure requests from data subjects can actually be fulfilled.
It’s all stuff that you should be doing anyway, in other words. Yet it’s also stuff that most businesses rather bafflingly don’t bother doing. Their reasons are many - a lack of expertise, a lack of resources, an unexpected period of growth….
But the end result is the same. They’re non-compliant, and that will come back to bite them. If not now, then in the very near future.
“GDPR is a wake-up call for American companies to solidify best practices around their big data and data science initiatives,” explains Datanami’s Alex Woodie. “While American firms today must follow a mishmash of data handling laws for specific sectors like healthcare and banking, there’s no single overarching law telling what they can and can’t do with data in a broad sense.”
That’s the purpose that GDPR serves. And if you think there won’t soon be more regulations like it - if you think that more governments will not soon follow suit - you simply haven’t been paying attention. Cybersecurity and privacy have rapidly come into the public eye.
People want more ownership over their identities. People are growing more cautious and concerned about cybersecurity. And people want businesses to be held accountable for carelessness where sensitive data is concerned.
GDPR is the end result of those desires, the end result of governments paying closer attention to cybersecurity and data protection. And it should serve as a warning for you to follow suit. Because if you don’t, you’ll have only yourself to blame when you’re brought low by noncompliance penalties.