It is estimated that there will be approximately 2.1 billion digital buyers in the world by 2021. In recent years, technology, and the internet in particular, has transformed the business landscape.
Beyond e-commerce stores, a digital presence is now a bare minimum requirement for all companies. Whether large or small, businesses must use digital platforms to interact with customers and remain competitive.
In most cases, customers share sensitive personal information in order to access services or for products to be delivered. If such information falls into the wrong hands, customers are left vulnerable and companies liable for any damages that ensue.
As recent scandals have demonstrated, a data breach can cost your organization millions of dollars. This raises the question: how secure is the data you collect? To address data security concerns, the European Parliament, the European Commission, and the Council of the European Union approved the General Data Protection Regulation, which took effect in May 2018.
Read on to learn more about the GDPR and what to expect from it in 2020.
What Is The General Data Protection Regulation?
The GDPR is a set of stringent data security measures designed to protect the privacy of residents of the European Union. Any business, whether large or small, and whether based in the European Union or not, that offers its services to EU residents must comply with the regulation.
Some of the sensitive data the GDPR aims to safeguard includes:
- Addresses and identity information
- Data pertaining to the genetics and health of consumers
- Political affiliations
- Sexual orientation
- Ethnic or racial data
For your company to process the data of EU consumers, you must first request and receive their permission. If you want multiple sets of data, you must request permission for each set separately. This can be done through online forms, but consumers must confirm their approval via email.
Complying With GDPR
However stringent or stifling some of the GDPR rules may seem, compliance is non-negotiable if you wish to serve the EU market. If you operate in the EU without fully complying, minor infringements can draw fines of up to €10 million, or 2% of your organization’s global annual revenue from the previous year, whichever is higher.
For serious infringements, your company could be fined up to €20 million or 4% of its global annual revenue from the previous year, whichever is higher.
Here are some steps to help you comply with the GDPR:
- Know all the sources of customer data in your company and how you use it
- Do not process consumer data without consent
- Delete all unnecessary data
- Assess and heighten your security measures
- Train employees on how to handle consumer data
- Follow the guidelines on the use of data
If you work with any third-party institution for data storage or processing services, ensure that it is also compliant. If a breach occurs on its side, your organization will also be liable.
How Does GDPR Compare To CCPA?
Just like the European Union, California passed the California Consumer Privacy Act (CCPA) in 2018 to protect the data of its residents. The CCPA officially took effect in January 2020. Unlike the GDPR, which operates on an opt-in basis for consumers, the CCPA requires consumers to opt out.
With the CCPA, only for-profit organizations that meet at least one of the following requirements are required to comply:
- More than half of its revenue comes from selling consumer data
- Annual revenues exceed $25 million
- The data handled annually is for 50,000 or more Californians, households, or devices
Non-compliance fines for the CCPA can be as much as $2,500 for each violation or up to $7,500 for each intentional violation.
How Is GDPR Faring?
As required by the GDPR, in May 2020 the European Commission is expected to review how the EU member states have conformed to the regulation. Thus far, only Portugal, Greece, and Slovenia have not aligned their data protection regulations with the GDPR.
With only three countries yet to align their national data protection regulations with the GDPR, it is evident that the GDPR has been generally accepted by EU states. Though the UK is poised to comply with the GDPR in 2020, it remains unclear whether Brexit will affect its approach to data security going forward.
The Future Of Consumer Data Protection
Though some websites have opted to block access from EU residents, this may not be a viable long-term approach. In the coming years, more jurisdictions are expected to pass regulations on how companies use and protect consumer data.
As such, it is vital to set stringent data protection measures within your organization early on. Though the GDPR and CCPA differ in some ways, they have similar objectives. If other jurisdictions set their own consumer data protection regulations, they are likely to borrow from these two.
Consequently, once you comply with the GDPR or CCPA, complying with other data regulations will be easier.