GDPR's chilling effects and what businesses can do about them
Global companies and the technology industry are facing a great challenge after the European Union's revamped data protection law, the General Data Protection Regulation (GDPR), set a firm deadline of May 25, 2018, and companies scrambled to avoid the hefty fines imposed by the law.
GDPR aims to protect EU citizens’ personal data
GDPR's primary goal is to protect European consumers' and employees' personal data from possible misuse or abuse by negligent companies. The law, which is an update of the EU Privacy Directive of 1995, was initially introduced in 2016 and implements new sets of guidelines on how companies should collect, process and manage the personal data of people from any EU member country. Companies that are immediately affected by the GDPR include financial companies like banks, insurers, and other companies that manage personal information and other sensitive data in order to make transactions. In an article in the Guardian, Margot James of the digital ministry said people in the UK need to be assured that their personal information is protected after a massive data breach scandal involving Facebook. Under GDPR, companies are now accountable for managing the personal data they receive.
GDPR is greatly affecting global e-commerce
Small and big e-commerce companies with cross-border operations, especially those that have consumers in the EU, are compelled to comply with the GDPR. Violators of the law are at risk of paying hefty fines that could reach up to €20 million. Companies in various industries made drastic moves as soon as the law was implemented. For example, an article revealed that the gaming industry needs to comply with GDPR. Reports revealed that gaming companies are uneasy that they may violate the law because it is broadly written. The law also protects EU consumers who play online games developed and owned by companies abroad. Although the law aims to protect consumers' data privacy, senior policy analyst Jay Stanley worries that GDPR could spark non-existent privacy scandals. Stanley referred to the Vizio smart TV scandal, in which it was alleged that consumers' activities were being monitored by the TVs without their permission. The U.S. Federal Trade Commission ordered Vizio to settle for US$2.2 million.
To fully comply with GDPR, companies need to follow a series of guidelines such as documenting data flows, registering for Privacy Shield, undergoing the necessary training, and understanding the terminology, a privacy attorney previously wrote on Reddit. Such adjustments could shave huge amounts off companies' profits.
Other companies either shut down their website activities completely or forced users to agree to new terms of service. GDPR has also created a great deal of confusion, as companies are misinformed about the law. Deputy information commissioner Steve Wood previously said that companies can still send newsletters and that they don't need to start everything from scratch. Some companies have totally blocked EU consumers from visiting or using their websites, while other companies have ceased operations completely to avoid hefty fines.
What might companies do about the situation?
E-commerce companies that wish to continue operating need to comply with the policies or face sanctions from the EU. An SME software and service provider has provided steps to prepare businesses for GDPR:
- Thoroughly understand GDPR and find out how it will particularly affect a business operation.
- Reassess and update all data protection policies.
- Find out if business transactions are affected by the policies.
- Involve stakeholders in ensuring proper personal data processing and consider revamping any policies involving data processing.
- Determine if systems are still in compliance with new policies and regulations, which may include creating new procedures for staff to follow.
- Ensure that IT personnel have a way to completely wipe out data from the system.
- Employers may consider having a separate consent form to get employees' consent to provide personal information.
- Update any privacy notices in compliance with the new policies and make sure they are easy for anyone to understand.
- Reassess business contracts outside the U.K. involving personal data.
Global consumers are likely to benefit from the GDPR policies. However, implementing them could trigger other unforeseen issues in the future, and it may drastically change the way businesses operate.