The EU’s General Data Protection Regulation — or GDPR as it’s being tossed around — goes into effect on May 25th. Many are preparing for its activation, primarily because they don’t want to be met with non-compliance fines and various repercussions.
It sets some strict policies and regulations for businesses involved in the EU, designed to protect the country’s citizens and rights.
While there’s no point in arguing whether or not it’s necessary now, it is evident that something like this has been coming. The question is, how many varying industries will the GDPR influence when it becomes active? Here’s a look at five of them.
Facebook is currently embroiled in a data rights situation, as a result of Cambridge Analytica’s vast data-mining process during the U.S. election season. Even though we’ve known social media companies have been harvesting our data for years, it revealed what they might actually be doing with said data. It’s exactly the kind of thing that GDPR is meant to protect EU citizens from.
It’s no surprise then that social media companies and online communities will be hit pretty hard when GDPR goes into effect. They must also be one of the first industries to comply — and fast. And in light of recent events, many are beginning to question these companies’ interest in protecting and responsibly handling personal data.
Retailers and online businesses are going to be hit pretty hard, especially with regard to how customers can request the handling of their data. Consumers can make it clear that they don’t want their personal data used for marketing purposes, and retailers must also comply when told to “forget” anything they have.
This means entire customer profiles used for proper targeting, advanced metrics and even customization are going to be in danger. They may need to find entirely new ways to gather information on targeted customers, especially if they fall into a niche group where every data point is valuable.
One in three EU adults intends to contact online retailers and companies to request their data no longer be leveraged for marketing purposes or that it must be “forgotten” as per GDPR guidelines.
GDPR isn’t just about limiting the use of restricted or sensitive data, it’s also about the handling of said information. Banks, for example, will need to bolster their security and data protection measures to comply with potential restrictions.
Furthermore, they will also need to comply with the proper visibility protocols, allowing consumers direct control and access to their relevant data. If a customer demands to see the information available, banks and financial institutions must be able to present this information in a safe, reliable way.
In turn, that means easy-to-use and convenient tools must be established or deployed to offer customers full control and accessibility.
The asset and wealth-management industry will also be deeply affected. It influences data privacy and security, the handling of information through third-party vendors and the classifications between data controller and data processor. You’ll want to ensure full compliance if you work or are involved with any of the aforementioned financial industries.
While cloud providers and remote computing solutions may not be directly responsible for the data coming in — it’s the customers they serve that are collecting said information — they are still bound by the strict regulations. These companies will need to rigorously prepare and update their processes to ensure compliance is met.
This also means cloud providers will need to find obvious protections for the rare occasion that a customer or client misuses data, immediately associating them with fines and legal punishment.
The healthcare industry has been making a massive shift, as a whole, to the digital, modern world. The emergence of EHRs or electronic health records and predictive analytics means that incredibly sensitive records are being kept and stored online. While the good news is that the medical industry is already strict with the handling and safety of these records, there are still concerns about compliance to GDPR because it’s more stringent than HIPAA.
Personal data is broadened under the regulation to include much more information and records, like IP addresses, photos and payment details.
Furthermore, organizations must be prepared to handle requests from affected EU patients quickly and reliably, with clear permission from the individuals involved to even collect data in the first place.
The right to erasure or be “forgotten” is relatively new to the medical industry — not just in offering the proper controls and accessibility but also adhering to compliance. The data can only be stored or kept for a certain length of time alongside limits for how it’s stored as well.
Because the GDPR is a regulatory update for those doing business in the EU, you absolutely must comply if it affects your customer base or clientele. You simply do not have a choice. That’s important to consider because while data security and privacy has been a concern, it’s been policed more by directives and general understanding.
The GDPR makes everything much more official. If you want to avoid fines and legal trouble, compliance is the way to go.
By Kayla Matthews
