EU prepares to usher in data privacy revolution
New European Union privacy and data regulations will transform the way companies collect, store and access data.
The General Data Protection Regulation (GDPR) will ensure that data is kept only with a user’s explicit consent and is used only for the purpose for which it was obtained.
The GDPR covers a broad range of personal data, including online identifiers, such as IP addresses and cookies, as well as credit card and health information at the other end of the scale. It will deal a massive blow to companies that collect data by dropping cookies on publisher sites, while content-recommendation engines will be forced to adapt.
When the new regulations come into effect on 25 May 2018, it will bolster and enforce the privacy rights of users by putting them back in control of their personal data. The GDPR enshrines the right to "data portability" - the idea that citizens should be able to transmit personal data more easily between service providers - although no-one is really sure how it will work.
Companies will no longer be able to exploit personal data for their own competitive advantage. Not only must permission to use data be clear and concise, but also it can be revoked at any time.
Many companies will have to rebuild their websites to block data collection on the first page, as well as redesigning storage solutions to protect data and maintain privacy. They must have the ability to delete personal data at any time, in order to comply with the right to be forgotten.
The GDPR harmonizes the different data protection regulations spread across EU member countries and will affect any company with audiences or customers in Europe. As well as cutting costs and red tape for European businesses, one of the benefits will be to make it easier for non-EU companies to comply with European regulations.
It imposes restrictions on the transfer of data outside the EU, to other countries or international organizations.
Full compliance will be a mandatory legal requirement for all EU-based companies. Companies will have to follow strict guidelines to ensure that data is processed in a fair and consistent manner.
Website owners are under intense pressure to comply. Not only will failure to comply trigger sanctions, including fines of up to €20 million - or four per cent of global turnover if higher, - but may also put brand reputation and the livelihood of businesses in jeopardy.
All this is hugely important for web users, but should also be seen as an opportunity for companies to build a new digital relationship with their customers based on trust. Although some data may be lost and what is left will be harder to keep, the data that companies do obtain permission to store is likely to be of a much higher quality.
The onus now is on the owners of web properties to show users how they can benefit from sharing sharing their data. In the end, though, most people will give consent as they will still want access to personalized content and services.