What does GDPR Mean to you?

If you are a company in the EU, a lot! In the U.S., less so, unless you handle the personal data of people in the EU...

GDPR

Data protection is not only important today; it is a part of our everyday security. It is similar to making sure the alarm on your home is on and locking your car door every time you get out of it. The same should apply to your personal data: businesses, whether large or small, should ensure they protect your privacy according to the privacy laws of their country or state, and especially the federal laws.

Have you received a lot of emails lately about new privacy laws asking you to agree? Read before you accept. Here is why...

GDPR (General Data Protection Regulation) will affect U.S. consumers and clients who do business with an EU company, and it affects the business as well: any business that processes the personal data of people in the EU falls under it, wherever that business is located. Businesses have to notify all of their consumers or clients of their new privacy policies, as the regulation goes into effect in 10 days!

The most demanding requirement that I have noticed in GDPR is the Data Protection Officer (DPO). It is mandatory for public authorities and for organisations whose core activities involve large-scale, regular monitoring of individuals or large-scale processing of sensitive data. "The DPO is similar to a compliance officer and is also expected to be proficient at managing IT processes, data security (including dealing with cyberattacks) and other critical business continuity issues around the holding and processing of personal and sensitive data. The skill set required stretches beyond understanding legal compliance with data protection laws and regulations" (Wikipedia, 2018). Some companies do not have this role at all.

The current EU Data Protection Directive, which remains in effect until the 25th of May 2018, covers these 7 principles, according to Wikipedia:

  1. Notice—data subjects should be given notice when their data is being collected;
  2. Purpose—data should only be used for the purpose stated and not for any other purposes;
  3. Consent—data should not be disclosed without the data subject’s consent;
  4. Security—collected data should be kept secure from any potential abuses;
  5. Disclosure—data subjects should be informed as to who is collecting their data;
  6. Access—data subjects should be allowed to access their data and make corrections to any inaccurate data;
  7. Accountability—data subjects should have a method available to them to hold data collectors accountable for not following the above principles.

GDPR AND THE UNITED STATES

GDPR goes into effect and replaces the current data protection law. GDPR is more unified: as a regulation rather than a directive it repeals the previous directive, applies directly in every member state without separate national implementations, and holds all businesses liable for the protection of personal data.

Unfortunately, in the United States I would assume we have a long way to go to reach a single, seamless policy on privacy. Why? We have so many separate laws today (HIPAA, FCRA), so why not take the same approach as the EU and make one law?

Although I obviously cannot prove it to a full degree, I believe we are entitled to the protection of our own personal information. It should not be so freely in the hands of businesses just because I purchased something from them.

The idea of marketing and sharing personal information so freely drives me nuts! As a small business owner, I shouldn't need much information other than whether you agree to subscribe to receive marketing from my business and what is needed to ensure payments are made on time, and if they are not, "I" as a business owner still shouldn't market or sell your information. I should state what my privacy policies are, clearly, which I do, and if you do not agree, then I will not share your information or market to you.

Here are the kinds of companies that I feel are most affected by this new law in the EU:

  • Tech Companies 
  • Medical Companies
  • Retail Companies
  • Social Media

It's a Win for the Consumer! 1-0 

I think this could not have happened at a better time! Technology is advancing and so are hackers! If a business does not fully protect its data, then the information it has stored about consumers is not protected either. Under GDPR you control your information: if you want it deleted, you have the right to ask the company to delete it, and the company has to respond to you, within one month, confirming that it has. See some of the new policies that are going into effect on the 25th of May in the EU.

What are your thoughts? Should the U.S. adopt this same strategy?