Well, brace yourself: the EU General Data Protection Regulation (GDPR) will help to enforce some big commercial reprioritisations.
The GDPR concerns every EU citizen and every organisation within the EU or that deals with the EU and collects, processes and stores "personal" data.
The fines are steep: up to 4% of annual global revenue or $20 million, whichever is greater.
Smaller firms will likely have more time to adapt.
GDPR also forces Google to address tools for children. A 2016 PwC survey indicates that 92 percent of USA companies consider GDPR compliance a top priority, and according to an Ovum Report, about two-thirds of U.S. companies acknowledge that they will need to make strong operational amendments in handling data on European Union residents. But can the EU really enforce the new regulation against US companies without any physical presence in the Union?
Find out exactly how your supplier is using your event data.
She believes there is a misconception in many organizations that data protection compliance is merely a security issue.
Are You Ready for GDPR?
For now, its location products are real-time focused, but the company has hinted that in time there may be location-based products or features that require users to opt-in for new data to be collected or stored for a longer period of time.
Each EU member state will likely adopt its own rules with respect to GDPR compliance; thus businesses with significant contacts in the EU may need the assistance of local counsel in connection with each applicable EU member state.
Facebook chief Mark Zuckerberg himself conceded the GDPR's importance after research firm Cambridge Analytica plundered the personal data of tens of millions of the social network's users for the 2016 U.S. presidential election. It is a powerful prompt to forensically assess all extant data governance, collection and processing legalities, security technologies and policies.
Similarly, as more health and credit records move into the digital realm and the Internet backbone, such records have also ended up being hoovered up by nefarious actors - from organized crime to unscrupulous companies to repressive governments, used for blackmail, character assassination, electoral fraud or outright theft. Cloud providers and payroll service providers constitute the processors. There are no prescribed time periods within either law, so organizations need to analyze how long they should maintain personal data for a specific goal. It might even be more important for that company than the Protection of Personal Information Act (POPIA).
Why are companies so keen to get users to give their consent to the new rules, known as GDPR? It works well with GDPR's requirement to avoid the overabundance of officials dealing with sensitive data. The first step is to adhere to the principle of "accountability" as stipulated by the rule; this involves establishing a GDPR compliance program that will assess the organization's current level of compliance and detect loopholes.
In addition, personal data gathered for one goal should not, as a general rule, be used for another, so the media shouldn't use contact details for marketing purposes when those details were originally gathered for the purposes of a story.
For data that is collected, one of the other aspects of GDPR that has an impact is the anonymization clause. Additionally, GDPR covers both paper and electronic data.
Privacy by Design is also introduced, which means that only the data absolutely necessary to carry out duties can be held and processed.