When the General Data Protection Regulation (GDPR) came into effect in May 2018 for entities operating in the European Union or targeting its citizens, most people assumed things would change immediately.
But, like most new and far-reaching rules, the effects of this regulation are not entirely apparent.
Here are some GDPR-related changes to expect in 2019.
Businesses from all sectors struggled to get ready for the May 2018 deadline. Now, research shows the majority of organizations are still having difficulty complying with a critical part of it — specifically, the one where consumers can request copies of the data companies have about them.
A study that occurred after the GDPR went into effect showed most businesses didn’t meet that request within the required one-month timeframe. Also, more than three-quarters of entities in the retail sector failed to respond entirely.
Analysts have also weighed in to clarify that businesses need not only focus on the fines they might receive, but how GDPR compliance could be a driver of increased customer trust and overall business growth. So, 2019 could be the year when the ways companies comply with GDPR get more uniform across industries, positively affecting customer perspectives.
Also, the number of GDPR-related complaints about lack of compliance has risen substantially in numerous countries. Some affected entities merely received a warning. Once they complied, regulators considered the issues handled. However, if businesses don’t show they are in line with GDPR, they should not expect such leniency.
There are seven key GDPR components, but each one specifies what businesses must not do and not the processes for achieving the goal. As such, the GDPR will likely impact big data ethics as companies engage in data governance and data mapping to become more aware of data usage, data storage and other essentials.
Also, data scientists must treat information differently than before the GDPR began. Unless identifying information is crucial to the worthiness of data, people analyzing that information must anonymize it first. That’s just one example of how the GDPR will have both broad and specific effects on data ethics in 2019 and beyond.
Some people spoke about the GDPR as if it were the lone development in privacy regulations. But there are others businesses will need to comply with soon. The California Consumer Privacy Act of 2018 (CCPA) differs from the GDPR in several ways and goes into effect on the first day of 2020.
For starters, customers must set up dedicated channels for customers to use when they request information on the data that businesses have about them. Plus, the data deletion guidelines for the CCPA and the GDPR are not the same.
Also, the European Union will soon update its ePrivacy Regulation, which deals, in part with consent for cookie use. But, the newest version will also address treatment for electronic communications. The current ePrivacy rules only apply to traditional telecommunications providers, meaning companies behind apps like WhatsApp and Messenger were in the clear.
However, proposed changes to the rules would make the regulation apply to Internet-based voice and messaging apps.
One of the likely reasons for the uneven issuings of GDPR fines across countries, as well as the slow associated process, is that those in charge of making legal decisions don’t have legal precedents to guide their actions. However, in 2019, people should expect regulators to become more concise in their interpretations of the law.
In a case occurring in November 2019 involving The Washington Post, the United Kingdom’s regulatory body decided a person in the EU cannot freely give consent to a company’s use of cookies — a GDPR requirement — if that entity also offers a premium version of its service that does not use cookies.
That decision affected an advertising practice that’s been standard in the U.S. for 20 years.
The GDPR intends to keep consumers’ data safer, but could it make the risk of company-wide data breaches rise?
Nearly a quarter of businesses polled about that topic believe it may. They point out the need for compliance creates an internal distraction and uses resources that might otherwise be devoted to cybersecurity alone. Survey respondents felt the risk for breaches is already higher than it was before GDPR.
This coverage is a sampling of what’s likely to happen thanks to the GDPR.
Now, it’s time to stay abreast of developments and see how many of the forecasted events come to pass.
All images via Rawpixel