Data protection regulation has been a sensitive topic for the past several years. Conversations on the topic have been going on since consumers realised the effects of a data breach. There have been countless data breaches globally in the recent past, ranging from large-scale website security breaches to consumer privacy violations involving large companies entrusted with sensitive consumer data. As consumers continue to learn about the implications of their data falling into the hands of “the wrong people”, data protection regulation will continue to be a hot topic.
The United States has led in data protection regulation, with most states now having regulation on data breaches. Almost all states have laws on one or more forms of consumer data protection. Europe has had data protection regulation covering its residents for over two decades now. However, most of these regulations are outdated.
The world has experienced massive technological changes. These changes informed the European Union’s decision to refresh its former regulation dubbed Data Protection Directive with more robust regulation i.e., the GDPR. Here’s more on what the GDPR (General Data Protection Regulation) entails for consumers.
What is GDPR?
The GDPR is an update to former EU regulation on consumer data after considering the latest technological changes and new consumer data threats posed by e-commerce, online advertising and general growth in data-driven marketing. The new law focuses on achieving three primary objectives. First, it gives consumers more control over what companies do with their personal data and how they process and store it. Second, it standardises rules for reporting data breaches in European countries. Lastly, the GDPR aims to make accountability and transparency a priority for all companies dealing or entrusted with consumer
The majority of the provisions in the previous regulation have been restated in the General Data Protection Regulation. However, companies face more stringent fines for non-compliance. The GDPR also makes it compulsory for companies to report any breaches to regulators as well as consumers. The new law also allows people to find out what the companies they do business with or work for are doing with their personal data.
The GDPR qualifies more as an evolution of the Data Protection Directive than as a revolution. The new regulation, however, introduces crucial changes and reduces country-specific laws. The GDPR is a crucial regulation considering the nature of the world today. The world has become increasingly connected, boosting the volume, prevalence, and value of personal data.
Who will be affected by the GDPR?
The GDPR will start being enforced on 25th May 2018, so being well versed in the regulation’s impact is important. The GDPR has a broad personal data scope which ranges from online identifiers (i.e., IP addresses and social identities) to typical name and contact information (work and personal information in the EU). The regulation includes anything which is traceable back to an individual. The scope aims to enforce personal data protection as a human right. The GDPR protects EU residents’ data in line with today’s data protection needs.
It’s worth noting that the regulation applies to all companies operating (collecting data) globally provided they serve EU customers. Any company conducting business with EU customers must meet specific requirements including implementing specific technical and organizational measures aimed at guaranteeing personal data security.
According to GDPR guidelines, companies must review how they collect as well as store consumer data. The law requires companies to keep special types of records (i.e., consent records) as well as maintain 100% transparency on how they utilise personal data. The regulation touches on data processors and controllers.
Under the new law, EU residents have the right to question companies on any issue regarding their personal data, such as how it was obtained. EU residents also have the right to opt out of marketing campaigns and, in most cases, to request that their personal data be deleted.
Preparing for GDPR
With approximately a month before the GDPR takes effect, companies must be informed and prepared. The same applies to European Union customers. Companies must review their practices to ensure they are compliant with the regulation. Information regarding the regulation is readily available on the European Commission website.
Consumers also have a role to play, i.e., they must familiarise themselves with the rights accorded to them by the GDPR. This is important for consumers to be able to ask questions and place consent requests on data collection activities. An informed consumer will also be able to notice data breaches faster.
It may take a while before the GDPR takes full effect; however, it is a step in the right direction since companies are more liable in case of data breaches. Companies must tread carefully when it comes to all matters relating to customer data going forward.