It’s been just over a year now since the General Data Protection Regulation (GDPR) was brought into effect in Europe. A bit of background if you’re unfamiliar, but the GDPR was developed to define standardised data protection laws to make sure organisations gather, store, protect and share the information they have on European Union citizens in a lawful and ethical way. Since it’s induction companies have already been fined in the millions for various data breaches.
Now, why is it important? Ultimately, it has put the rights and privacy of all citizens at the forefront of everybody’s minds and sparked a global conversation around privacy matters. In doing so it has created much-needed transparency across the digital world and forced companies to be more clear and concise in regard to what personal data they keep and why. It has also clarified what companies that process personal data must do to safeguard it. Consequently, the GDPR has improved trust in the emerging digital economy and secondly, created a simpler, unclouded legal environment for businesses to operate in, making data protection law the same throughout the market. Organisations like us have had to start understanding properly what data we acquire, hold and process and the legal basis for that. This is a big win for all citizens within the EU.
The impact of the GDPR has resonated all over the world and led to the development of similar laws in other countries, most notably the California Consumer Privacy Act (CCPA) which will be enforced from early 2020. As the first state to pass this legislation with such a broad scope on data privacy, it seems California has now set the bar for the rest of the US.