Despite fears that GDPR is rules-heavy and compliance costs could push up the cost of doing business, particularly for smaller firms, it’s right to ensure that consumers should be put in charge of their personal data.
The apparent free-for-all with personal data simply couldn’t go on.
The new rules, which come into force in May, require companies to be much more careful and upfront around what they do with data. Consider that they’d have prevented Cambridge Analytical from gaining access to the data of 87 million Facebook users without their consent and it shows the absolute need for what is being hailed as the greatest shake up in data protection laws in a generation.
In fact, there have been calls from consumer groups for Facebook to make the European Union’s incoming GDPR data protection framework the “baseline standard for all Facebook services”.
The update is intended to strengthen consumers’ control over how their personal data is used by bolstering transparency and consent requirements, and beefing up penalties for data breaches and privacy violations.
The ICO, which implements data protection rules, will have more powers.
Fines for non-compliance are eye watering.
In an open letter addressed to Facebook founder Mark Zuckerberg, a coalition of US and EU consumer and privacy rights groups urged the company to “confirm your company’s commitment to global compliance with the GDPR and provide specific details on how the company plans to implement these changes”.
Zuckerberg has admitted that regulations like GDPR are, overall, very positive, stating that Facebook “intends to make all the same controls available everywhere, not just in Europe”.
GDPR lets users gain access to, and to correct, information that firms hold on them. It gives consumers the right to transfer their data to another organisation. It requires companies to define how they keep data secure.
The GDPR’s premise, that consumers should be in charge of their own personal data, is the right one. Adhering to that will be good for business in the long term, with GDPR sure to improve choice, control, and transparency for consumers.
The new economy is based on data. It requires securing, yet for too long scant regard has been paid to data.
This is clearly an opportunity for businesses to build confidence and trust and demonstrate they have robust processes and systems in place when it comes to handling personal data. Building trust in our defences is essential.