The European Union’s (EU) General Data Protection Regulation (GDPR) burst on the scene in May 2018. The GDPR focuses on the data privacy of European citizens. However, due to the way it is worded, GDPR has and will continue to have lasting impacts well outside of the EU. In short, the regulation requires any business that collects, stores, or transmits personal data of EU citizens to comply with it, regardless of where the business is located.
GDPR has various chapters and sections covering key areas, such as its principles, rights of the data subject, responsibilities of the data controller, and also insights on the liabilities and penalties for failing to comply. GDPR penalties are far from trivial, either, with some of the largest GDPR fines to date reaching hundreds of millions for organizations such as Amazon and WhatsApp. These sorts of ramifications are causing organizations and their leadership to pay increased attention to data privacy concerns and associated consequences.
The Implications of GDPR
On the surface, it may seem to be a regulation that only those in the EU would need to be concerned with, but the reality is, from a digital perspective, we live in a diverse and complicated global ecosystem of multinational organizations and dynamically moving data. Once organizations started to understand the implications of GDPR, they began examining their data collection, retention, and residency processes and policies. This is because the requirements of GDPR are not geographically constrained and follow the data wherever it may traverse.
The impacts of GDPR also aren’t only relevant to the technical domain, as the topic of data privacy has gained increased attention around the world. This includes in the U.S., where we have seen the California Consumer Privacy Act and others calling for a U.S. nationwide data privacy regulation similar to GDPR.
Regulatory Concerns Involving Data Privacy
C-Suite and organizational leadership have realized the regulatory concerns around failing to consider the data privacy of their customers, consumers, and, more broadly, anyone they may be collecting or storing information on. This is due partly to emerging regulations such as GDPR and the California Consumer Privacy Act, and partly to increased awareness among citizens of the need to protect their data privacy.
Many citizens and consumers have become acutely aware of the fact that their data is now a commodity, collected and often shared by organizations they interact with digitally, and often without their direct knowledge or consent. Whether through purchased information, browsing, social media use, or search engines, organizations are actively harvesting data on individuals to use for myriad purposes, often tied to some sort of business or organizational benefit.
The Cost of Data
There’s no denying this data has value and can be used for countless purposes, such as to increase marketing effectiveness, make business decisions, and drive revenue. However, the data comes at a cost, particularly when it is subject to regulatory frameworks that require organizations to take measures to properly and ethically collect, store, and share said data.
C-Suite leadership must be cognizant of the costs associated with failing to properly protect consumer data privacy and security, due to both regulatory concerns as well as potential ramifications in customer trust and brand loyalty.
Much like the push for zero trust and the death knell of the legacy perimeter-based approach to cybersecurity, data privacy regulations aren’t confined to their local, regional, or national boundaries: they follow the digital data trail, and that trail moves globally.