In just a couple of months, the General Data Protection Regulation (GDPR) in Europe will require companies to obtain consent before collecting user data from those in the European Union and United Kingdom.
This new set of regulations will give internet users more control over personal data, including user name, photos, email addresses, phone numbers, mailing addresses, banking information and social security numbers. With the GDPR, users will have a set of guaranteed rights, including the rights to edit, transfer or delete any of the data companies collect about them.
Regulatory Impact on Facebook and Others
The GDPR poses one of the biggest regulatory challenges in history for companies like Facebook, which is incredibly reliant on user data collection and analysis. Analysts are still unsure of how large an impact the new regulations could have on Facebook or how strictly they’ll be enforced.
For example, it is not entirely clear which types of personal data (for instance, location, mobile device ID numbers and IP addresses) fall outside the regulations. Additionally, according to Morgan Stanley analyst Brian Nowak, “‘Legitimate interest’ is an exception that essentially removes the need to get consent from consumers to use their data if it can be demonstrated that the company collected data legally, used it justifiably and processed it responsibly.” This exemption will likely apply to data used to prevent fraud or other crimes, but the scope of the exemption is not presently clear.
Facebook collects a plethora of user data to optimize its massive online advertising business. Under the GDPR, Facebook must obtain consent from its users in the EU and UK. Furthermore, its online advertisers who gather user data will have to obtain consent, too. If regulators require active, periodic consent, it’s possible that users would be regularly asked to opt in to data collection. This opt-in process could cost Facebook valuable data.
Prepare – Or Pay the Price
Many companies are unprepared to comply with the GDPR, or completely unaware that its rules will apply to them. Those that don’t comply will face penalties of up to 4% of their annual global turnover or €20 million, whichever is greater. Companies that are hacked and attempt to hide the cyber attack from customers could also face penalties.
TechRepublic reports that, in a recent survey conducted by data management provider Solix, 22% of organizations don’t realize that they must comply with the GDPR if they hold EU and UK citizens’ data, even if they’re based outside of the EU and UK. Additionally, a government report cited in a recent ZDNet article said that fewer than half of businesses understand the new legislation or are taking steps to prepare for compliance.
Assess your liability using the chart and related resources provided by TechRepublic.
Cyber Security Tools for Today’s Environment
Whether the GDPR applies to your company or not, a robust cyber security plan is a must for protecting your company and your customers from potential threats. IEEE offers Cyber Security Tools for Today’s Environment, an 11-course training program for technical professionals across all industries who require up-to-date information on how to protect enterprise networks from potential threats. Get the training your organization needs now to remain secure.
Duggan, Wayne. (16 March 2018). Facebook Faces a Major Regulatory Hurdle. U.S. News & World Report.
Gilbert, Jody. (16 March 2018). Time is running out on GDPR compliance: Find out if you’re affected. TechRepublic.
Palmer, Danny. (25 January 2018). GDPR: Deadline looms but businesses still aren’t ready. ZDNet.