What is GDPR?
In the United States, companies can pretty much do whatever they want, as long as there isn’t a law prohibiting it. The US only has laws that protect health information online, financial records, and the data of children. Other than that, it’s pretty much free rein for companies to do what they wish with your information online.
Sounded nice and dandy until over 87 million Facebook users had their entire profiles land in the hands of a hostile foreign power last year, who absolutely did use the information with malicious intent.
You may think that this law was whipped up and put into effect because of the recent string of data privacy breaches or the Cambridge Analytica scandal, but no, the EU initiated this regulation way back in good ol’ 2016. Remember 2016?
The law is incredibly complex, but to oversimplify it, we can define it with a few of its major points.
Companies now need A LOT more consent to collect your data
You may have started seeing little pop-ups on websites in the past year or so about delicious sounding “cookies” being gathered about your visit to their corner of the web. Cookies are tiny files stored on your computer that hold data about your actions on a website, and often information about where you came from. This allows the website to tailor itself more accurately to its user, and gives companies insight to refine their marketing efforts.
Basically, no one can automatically “pre-check” a virtual box that says, “you can track my behavior throughout my journey on your website, including how I got here, what I’m reading, where I am in the world, who I am, and why I’m there” without my explicit consent.
You are only required to share data that is necessary to make certain services work
If I was going to send you a nice hand-written letter, snail mail style, I would absolutely need the following information from you:
- Your Name
- Your Full Address
I do not need your birthdate, favorite food, favorite color, favorite movie, political leaning, sexual orientation, race, or any other obscure fun-fact you can think of about yourself.
For years, companies have taken the approach: “Let’s trick people into giving us as much data as possible, we might be able to use it someday down the line for marketing…” Ding! Ding! Ding! Not allowed after May 25!
Privacy policies need to be easier to understand
The information about how your data will be used also cannot be obscured by legal jargon. It will be very interesting to see how this type of thing is actually enforced, since the regulations often exist in grey areas.
The penalties for non-compliance are severe…
Getting caught breaking the laws of GDPR is NOT a good position to be in. The new law will allow regulators to fine a company up to 4 percent of its global revenue. That could be billions of dollars for companies that do business around the world.
Sometime in 2019, we will no doubt see a large company made an example out of for breaking GDPR privacy regulations… I’m calling it right now.
Will GDPR hurt businesses?
That is the big debate going on right now. On one hand you could say that GDPR will give big corporations a massive advantage over small ones. The fear is that small companies won’t be able to spend millions of dollars in expenses that come with their new obligations to protect data, and will get sued out of business, or be unable to stay afloat.
The other argument is that people in general don’t trust companies already these days, and that GDPR shouldn’t be a scapegoat for lost profits, but an improvement on how companies do business on the Internet. Maybe this would result in more creative efforts by companies to more closely interact with their consumers online, which may improve the quality of the web?
Either way, we’ll find out soon enough. Happy GDPR Day!
If you’ve got any questions about what you should be doing about GDPR, or if you need some help with branding, content creation, or website design, feel free to reach out. As of now, we will be developing all of our website projects and online marketing for full GDPR compliance!