The new year is quickly approaching, and on May 25th, 2018 all businesses in the EU must comply with the General Data Privacy Requirement (GDPR) legislation or face significant penalties. If you’re a U.S. company that doesn’t do business in Europe, this won’t affect you, but there’s something we all can take away from this legislation.
The GDPR legislation is designed to protect the rights of individuals so that organizations cannot do whatever they please with your personal information. The requirement goes so far as to provide an individual with the “right to be forgotten”. What does that mean? Well, if you contact a company in the EU or one that is doing business in the EU (even through Facebook, Twitter, Instagram, etc.) and they have your personal information, you can ask them to destroy your data and they must comply with your request. If they do not, the penalties can range from €10 million to 4% of the company’s global annual turnover.
Europe has chosen to protect an individual’s data rights and how the metadata is used. After all, in this era of oversharing, metadata is king! If you disagree, consider Google, Facebook and Twitter—those companies can exist because of the exabytes of metadata they collect, share, and sell. You don’t need to look any further for proof than the targeted advertising that appears after you perform a search for a product or service.
Think of what would happen if you had control over your personal information and could tell a company what they could and could not do with that information. It sounds like a great way to protect your privacy, right?
In my opinion, the U.S. government should stop allowing companies to do what they want with your personal information, and start protecting not only its citizens’ data, but also their respective rights to privacy. Enacting legislation like GDPR will give teeth to the data security industry in the U.S. while holding data owners accountable for what they do with your personal information.
Europe has chosen to lead the way with regard to protecting the rights of personal information and I believe the U.S. should follow suit. Cybersecurity companies like IGI can help protect against data loss or theft, but it is up to legislators to protect the rights of the individual and their data.
For companies operating in the EU who have yet to begin the process of GDPR compliancy, IGI can help. Contact us and we’ll help you develop a timeline to become compliant by the May deadline.