With the arrival of the internet, our lifestyle has shifted dramatically toward entrusting significant activities to online services. The way people communicate and perform daily tasks is now centered on digital devices such as mobile phones, tablets and computers. We send emails, log in to social media, purchase goods and pay bills, all of which require entering personal information online first.
Have you ever paused to contemplate these recurring virtual activities, or to ponder the personal and critical data you have collectively shared online? Where does this information go?
The critical information in question includes your user logins, bank information, contacts, IP address, and activities performed online. Logging in with this information serves computer security, identification, and authentication. For online purchases and billing, entering bank credentials is the logical method of payment. From the companies’ standpoint, this type of data is collected in order to offer relevant, targeted communications and superior customer service.
With deep-seated questions surfacing around data security, the EU finally responded by enforcing the new European privacy regulation, called GDPR, in May 2018. This massive change caused an uproar among many companies, as it permanently changes the approach to collecting, storing and using customer information.
What is GDPR?
The General Data Protection Regulation (GDPR) came into full force in all EU member states as the new European privacy regulation on May 25, 2018. It applies to all companies that sell and store personal data about citizens in Europe, including local industries as well as companies in other countries across the globe. Furthermore, the regulation was introduced to provide superior control over personal information and to protect it from security breaches and fraud across Europe.
Under the GDPR, personal data is any information relating to a person who can be identified, directly or indirectly, by reference to an identifier. Identifiers cover a broad spectrum of data, including a name, an email address, location or bank details, medical information, social networking updates, photos and a device’s IP address.
The Implications of GDPR for Business Industries
When the new data protection regulation was set in motion, consumers took the reins. Companies and organizations alike were taken aback, yet they have no choice but to adapt and thrive despite the changes. Put differently, any data processing by businesses established in the EU is subject to the GDPR, regardless of whether the processing takes place within the EU or not. In addition, companies outside the EU (non-EU agencies) that offer products or services to residents of Europe are also required to comply with the regulation.
With this change, business leaders have to rethink their corporate strategies before entering the EU market for any territorial operations. This concerns any marketing and sales activities, where the implications for customer engagement are far-reaching. The GDPR also states that appointing a data protection officer or data controller is imperative for strict compliance. Additionally, organizations that fail to conform to the regulation will be penalized with fines of up to 20 million euros or 4% of annual global revenue.
The Deadline is Long Overdue — is it too late to act?
We witnessed the strong coverage and headlines surrounding the GDPR across publications and television, and many companies sprinted just to comply before the deadline. However, many of these businesses failed despite the collective scrambling and hustling. Now the question on everyone’s mind: will they be reprimanded or penalized for failing to conform? Well, the answer is NO.
The Information Commissioner’s Office (ICO) stated that the deadline should not cause apprehension among non-compliant businesses yet. It further confirmed that penalties are reserved for extreme cases only. However, businesses of all sizes are expected to make some effort rather than delay compliance. From the inception of the GDPR announcement, the ICO itself did not expect everyone to have adequate measures in place, as the process takes time. Rather than resorting to penalizing non-compliant agencies, it advocates offering guidance to alleviate roadblocks.
On a similar note, organizations that become the target of investigations should not worry as long as an internal process for GDPR compliance is in place and evident. A company that demonstrates commitment to this legal obligation signals a strong work ethic toward delivering excellence and protection.