Lately it seems like the acronym GDPR has been on everyone’s lips. Well, at least as far as everyone who spends time online is concerned. You’ve probably received more than a few emails lately mentioning GDPR in relation to privacy updates.
That’s because most online businesses are currently in the process of making certain changes in order to comply with the GDPR. Furthermore, it is mandatory for these companies to let their users know about these changes, hence the aforementioned emails. The GDPR is set to go into effect on May 25th.
What is the GDPR?
The acronym stands for General Data Protection Regulation, which was initially announced in May 2016 and replaces the 22-year-old EU Data Protection Directive. The GDPR is meant to be the new standard by which companies conduct business online: how they collect, process, store and delete data. Strictly speaking, GDPR only concerns companies operating in the EU. In reality, though, most major companies have clients all over the world, so these rules will apply to pretty much everyone. While companies with a presence within the EU can choose not to comply, there are consequences for doing so.
The GDPR is a very consumer-friendly move by the EU. The new standard is meant to strengthen data protection and reduce data breaches. Cyber security is a very hot topic for many people nowadays and unfortunately not all companies are taking it seriously. According to a Proofpoint survey, 64% of respondents said they suffered a personal data breach at least once within the last two years. In the financial sphere, the numbers are even higher. The hope is that once the GDPR goes into effect all that will change.
Starting later this month, businesses will be held directly responsible by the EU for any data breaches. Companies that don’t tighten their security and allow user data to fall into the wrong hands will face serious consequences. We’re talking extremely heavy fines of up to €20 million (up to 4% of annual global revenue) or possibly even more in some instances. This may seem harsh; however, it just goes to show how serious the issue is.
GDPR’s Impact on Spam
One of the main goals of the GDPR is the reduction of spam. Everybody can agree that spam is one of the most annoying things on the internet. While it’s all but impossible to eliminate spam altogether, this is certainly an important step forward. Most people often receive emails from companies that they don’t remember subscribing to. That’s because the rules regarding consent have been pretty relaxed so far. This has allowed websites to add you to mailing lists and newsletters whether you wanted it or not. A lot of the time, accessing a website just once is enough to make you a prime target for spam. That’s all going to change soon.
As part of the new rules, websites are required to be clearer about what you are signing up for. Thanks to the GDPR, companies can no longer automatically sign you up for certain services just for visiting their website. The option for signing up for things like newsletters must also not be buried in the terms and conditions section. This was often the case until now, as it’s a well-known fact that nobody reads the terms and conditions.
The new set of rules regarding consent should all but eliminate spam emails. While the EU can’t dictate what a spam email is or isn’t, this should at the very least eliminate some confusion. Starting May 25th, companies are only allowed to send you emails if you specifically agreed to let them. The GDPR also says that it should be easy to unsubscribe from email services when users wish to do so. If you want to make sure that no unwanted emails reach your inbox, it might be a good idea to also use spam filtering.
GDPR’s Impact on Cybersecurity
In addition to reducing spam, the GDPR is also attempting to make the internet a safer place for all. Principle 6, Integrity and Confidentiality, states that personal data should be processed with appropriate security where possible. According to the 2017 Verizon Data Breach Investigations Report, more than 80% of data breaches occur because of the stealing of data by cyber criminals. Moreover, organizations should delete personal data when it’s no longer necessary. As mentioned, companies can face heavy fines in case of a data breach. Nobody wants that, so the hope is that businesses will start taking cybersecurity more seriously from now on. The goal of the GDPR is twofold. On one hand, it should help keep cyber criminals in check, which is certainly a good thing.
On the other hand, it wants to encourage companies to learn more about the user data they gather. Following the GDPR, it will be much riskier to use this data without user consent. Needless to say, that’s good news for consumers who are worried about their privacy. Data is often sold to third parties that use it for their own purposes. Hopefully, these situations will become less common post-GDPR.
Although these rules help users more than they help companies, businesses can also benefit from them. Consumers are much more likely to work with companies that take good care of their data. Businesses that protect data and take cybersecurity seriously will no doubt gain more trust from customers. In turn, this leads to a better reputation for the company, which is always great for business.