GDPR's One-Year Anniversary
Monday, May 20, 2019
One Year Out: How GDPR Is Impacting the Ever-Changing Frontier of Data Accountability
By Ted Clouser, PCA Technology Solutions President/CEO
Virtually every business sector is impacted by GDPR and GDPR compliance. Almost a year to the date of GDPR’s inception, I’m here to reflect on the impact of GDPR today and how it will continue to influence data accountability tomorrow: for example, how data privacy laws are viewed by businesses and consumers (positively, negatively, or neutrally) and how to identify and replicate successful models of data accountability compliance.
A Brief Overview
On May 25, 2018, the European Union adopted a comprehensive and far-reaching privacy law: the General Data Protection Regulation (GDPR). This regulation was implemented in all local privacy laws across the entire EU and EEA region. It applies to all companies selling to and storing personal information about citizens in Europe and other continents.
Essentially, the GDPR has set a higher standard for obtaining personal data, and for this reason it has become a truly watershed moment for global privacy law, not only because of the rights and protections it provides to individuals in the European Union, but also because it has inspired other governments to consider similar legislation.
New privacy laws are coming into effect in America (California) and beyond (Brazil), with other American states and members of the global community projected to follow. Most of the new privacy laws they are adopting share many of the same principles as the GDPR.
The bottom line is this: Privacy remains important to individuals, communities, businesses and governments inside and outside of Europe.
GDPR and the Global Landscape
When it comes to the global landscape and privacy law, GDPR isn’t the only four-letter phrase making waves. For many privacy professionals in the US, 2019 is punctuated by the impending arrival of the California Consumer Privacy Act (CCPA). This new California privacy law will come into effect on January 1, 2020. The CCPA has created its own watershed moment in privacy law, with at least nine other states having introduced new privacy legislation on the heels of its creation.
While the CCPA shares some similarities with the GDPR, there are key differences that impact how the law is implemented by businesses and exercised by individuals. For example, because California has a much larger economy than the UK, the implications of penalties may be even more severe than those of the GDPR. Furthermore, the CCPA stipulates that responsible parties have 30 days to respond to a request, while the GDPR grants 40 days. And the list goes on...
Several versions of federal privacy law are also being discussed, showing a renewed interest in potentially adopting a federal privacy law in America. Still, many questions remain surrounding the content and likelihood of such a law being implemented in the not-so-distant future.
In August of 2018, Brazil also adopted a new privacy regime that shares similarities with the GDPR and will go into effect in early 2020. Argentina and Thailand are also considering new data protection bills, again, similar to the GDPR. Finally, India is also in the process of drafting a personal data protection bill. These trends all reiterate how much privacy matters—inside and outside the EU.
The New Frontier of Data Accountability
Increasing privacy regulation demands greater data accountability from organizations, at every level. While privacy compliance was once the sole responsibility of designated individuals or teams, dependent on the internal processes and policies of organizations, in today’s privacy world, everyone must be accountable for the ways in which they collect, use, protect, and share data.
The EU is leading the way in broader definitions of breach notification and the US could follow suit instead of having individual state laws. If legislation can look at the most successful states’ existing laws and incorporate them federally, it should have a positive impact. Overall, individuals and companies alike recognize the need for and value of data accountability despite the hassle that compliance can create. PCA Technology Solutions believes data security and data accountability education are essential, so we too view privacy laws as a generally positive move.
PCA Technology Solutions uses a collaborative, cross-functional approach to encourage transparency, participation, and community when it comes to our work culture and client relationships. We seek to provide innovative solutions while collaborating with our clients and other industry professionals to create and preserve privacy. We accomplish this through ongoing training, engaging in privacy impact assessments, and fostering a results-driven, open dialogue about privacy and data protection among our team members.
Find out how PCA Technology Solutions helps our clients protect their data and stay secure with our Cybersecurity Solutions.