What is GDPR?
And How Will it Affect American Businesses?
This month, the General Data Protection Regulation, or GDPR, goes into effect throughout the entire European Union. This sweeping legislation addresses the issue of user data and how it is collected. While on the surface this might look like a strictly European issues, the GDPR will affect US based internet companies that do business in the EU.
Facebook and Google are two American businesses that stand to be greatly impacted by the GDPR’s new regulations. This legislation forces them to alter tactics as it pertains to the acquisition and usage of consumer-based data.
So, what should you know about the GDPR before it goes into effect on May 25, 2018?
What is the GDPR?
In April of 2016 the GDPR was approved by the EU. This replaced a law known as the Data Protection Directive, which governed user-based information throughout the 28 nations of the European Union. Following its approval, companies were notified and given a full two years to alter their systems for proper compliance.
The goal of the GDPR is to allow internet users more control over their personal data. Oftentimes, large companies collect information on customers and sell it to advertising agencies. Many of these companies use vague or misleading language to receive consent from users in order to access and sell their data. Sometimes, information consent is even bundled together with other more necessary services, so to get one you have to agree to the other.
The GDPR strengthens conditions of consent. Former tactics which were used to trick or bully someone into giving up their personal information will no longer fly throughout the EU. Now, informed consent must be obtained individually and be easy to withdraw. Another protective tactic that the GDPR employs is parental consent for children under the age of 16. No longer will minors be given the option to share their information with companies against the will of their parents or guardians.
Web security is also addressed, with businesses now mandated to notify their data protection authority within 72 hours if a breach occurs. The EU document goes on to state that customers must then be notified immediately.
Consumers will also have more direct control over their data, even after consent has been given. Companies will have to provide transparency to their customers, letting them access their personal data as well as where it is being stored and for what purpose. Consumers can then withdraw their consent, erasing their information completely, or transferring it to another service provider.
This is big news for European web companies, but it also has a far-reaching effect on the global internet industry. Large companies from outside Europe that service the EU are also forced to comply with this legislation, or risk huge penalties.
What are the GDPR’s Penalties?
The punishments doled out for GDPR infractions are potentially massive in scale. An organization found in breach could be fined up to 4% of their annual global turnover, with a minimum amount of 20 million Euros. To put this in perspective, Facebook raked in $9.1 billion in 2017. A GDPR infraction would have cost them a whopping $364 million. Google saw revenue of $110.8 billion in 2017. If they were to violate the GDPR they would lose over $4.4 billion.
Suffice to say, these large web companies are taking the GDPR very seriously.
What Impact will GDPR Have on Big Companies?
Businesses such as Facebook and Google have been preparing for the implementation of the GDPR for two years.
Among the measures now being employed by the social media giant is a tool called “Access Your Information.” This allows you to see comments you’ve left or posts you’ve shared and delete them if necessary. Consumers can also use this feature to download their data and switch it to another service. Facebook touted this advancement in the wake of the Cambridge Analytica scandal in an attempt to win back the trust of their audience. However, this step was coming anyway thanks to the GDPR.
There are many who believe that reported monthly average users could drop off for Facebook as a result. There is also concern surrounding Facebook’s ability to successfully target advertisements and create custom audiences once GDPR regulations become a mandate. This is especially problematic for businesses that have become accustomed to Facebook’s highly targeted advertising services.
Since 2011, Google has offered data exporting through a service known as Google Takeout. The company has now chosen to expand that, making it inclusive of more services and creating better controls. Another step Google is taking to adhere more with GDPR mandates is backing the Data Transfer Project. This open-source system makes the transfer of data between networks completely seamless.
While the GDPR was created for the benefit of users throughout the European Union, its effect can be felt the world over. These major changes to vast multi-billion-dollar giants such as Google and Facebook will have repercussions on individuals and businesses throughout the United States who use these services on a daily basis.
For more information on how the GDPR will affect your digital marketing efforts, call the team at 9Sail at 201-632-1185, or visit us online.