“GDPR & ePrivacy Regulations” (CC BY 2.0) by dennis_convert
Whether you like it or not, the European Union (EU) is implementing its General Data Protection Regulation (GDPR) this month. The regulation has been more than a decade in the planning and is designed to future-proof European residents’ right to protect their identity online.
From May 25th, the legislation will mean businesses that handle the personal data of EU residents will have to align themselves to a new standardized set of data protection rules. It is hoped GDPR will become a fundamental human right in the digital space, empowering users to correct, erase or move their personal data. The number one reason GDPR has been on the lips of businesses big and small is the implications of failing to comply. Non-compliance with GDPR could lead to fines of up to €20 million or 4% of the non-compliant company’s overall worldwide revenues.
A number of organizations are also indicating that they lack confidence in their existing data compliance processes and policies given the increasing sums of money that are being spent on GDPR compliance. New research from global management consulting firm Oliver Wyman suggests FTSE 100 companies could pay up to £5 billion (approximately $6.75 billion) a year combined for failing to comply with GDPR. That data is based on 2015 financial reporting figures listing known data breaches within FTSE 100 companies in the last five years.
Consequently, FTSE 100 firms are thought to be spending over $20 million apiece on GDPR compliance, with other businesses recommended to budget up to $600 per head on maintaining their own GDPR compliance. On an even bigger scale, consultants Ernst & Young believe that the world’s 500 largest corporations are expected to have spent almost $8 billion on GDPR compliance. Meanwhile, many of these companies have also been forced to create data protection divisions: the bigger the organization, the greater the onus on data protection.
For smaller businesses, it’s a good idea to seek external compliance support such as training. Classroom-based training and seminars can cost four-figure sums and, on top of that investment, you’ll need to factor in the time and money it takes to design and implement compliant internal processes. Nevertheless, it will be the biggest corporations that hold and process the most significant amounts of consumer data, i.e. tech marketers and data brokers, that will be the hardest hit. Just meeting the basic requirements for data access and deletion represents a considerable task for some firms that may not have previously needed to collate every piece of data they have on a specific person.
From a consumer’s point of view, GDPR puts the ball firmly in their court, with the ability to hold corporations to account like never before. Those within the data industry must be crossing their fingers that users don’t take advantage of the power of GDPR in large numbers. If a sizeable number of users decline consent for specific uses of their data and request access to their personal data from data brokers, or even delete the information altogether, this could have a significant impact on the big data industry.