You’ve probably heard the letters GDPR everywhere lately. “What do they mean and why do I have to care?” is probably your common response. This article seeks to provide you with an overview of the new data privacy and protection regime that will help you answer both of those questions.
The GDPR stands for General Data Protection Regulation. It is the new European Union data privacy and protection regime that went into effect on May 25, 2018. It is designed to provide people located in the European Union with greater protection of their personal data and it seeks to punish companies that fail to comply with the rules.
The European Union (EU) already takes its members’ personal data very seriously. The protection of personal data is actually codified in the EU Charter. This is very unlike the hodge-podge scheme of laws (mostly state) in the United States that seek to protect individual data.
It is designed to provide people located in the European Union with greater protection of their personal data and it seeks to punish companies that fail to comply with the rules.
But, the GDPR applies globally. So, even though US companies may not have to abide by strict privacy laws in the US, they will have to abide by the GDPR if they do business in Europe or collect any data from EU citizens (regardless of whether the data is stored outside the EU).
You may also like, “Cybersecurity Challenges for Boards of Directors”
Individual users will also have the right to obtain their personal information free of charge. They can learn whether personal data was taken, for what purpose, and where it is being held.
A concept that may seem very foreign (pun intended) to US-based consumers is the “Right to Be Forgotten.” The GDPR entitles “data subjects” to request that the entity controlling their personal data erase all of the data, stop providing that data to third parties and, in some cases, go so far as to require third parties using the data to stop doing so.
That’s a lot of very foreign information for US-based consumers, who have only recently begun learning the extent of how our personal data is shared. You might ask why you need to know or care about the GDPR. And, of course, the answer is money! The GDPR drastically increases penalties for non-compliance (we’re looking at you Facebook and Google).
You may also like, “Can You Avoid Having Your Identity Stolen by Family”
Under the new regulations, non-compliant companies face strict penalties, which may be up to 4% of the organization’s annual global revenue or €20 million (whichever is greater). Yes, that says greater.
The GDPR solidifies the European Union’s belief that personal data is important and should be private and protected. By reaching beyond the bounds of the EU to enforce personal data regulations, jurisdictions like the United States are forced to sit up and take notice of what the EU believes is a fundamental human right. Hopefully, forcing the US to comply with these stricter data privacy and protection rules will inspire comprehensive privacy legislation on the other side of the Atlantic before Facebook sells our souls!
Meghan Nugent is an associate with SpencePC. She has extensive experience assisting clients in both transactional and litigation matters of all natures. The focus of her practice is Intellectual Property. She also assists the firm’s clients in the prosecution and litigation of trademarks.
The Real and Rising Threat of Cybercrime for Small and Mid-Sized Businesses
The Legal Implications of Cybersecurity When Collecting Personal Information
Cybersecurity Challenges for Boards of Directors
Intellectual Property and the U.S. Constitution
Intellectual Property, Cybersecurity and Creativity
How to Protect Your Passwords: 4 Tips
Please log in again. The login page will open in a new window. After logging in you can close it and return to this page.