There was uncertainty over what the exact impacts would be when the European Union’s General Data Protection Regulation (GDPR) took effect in May 2018. Into its second year, it seems the law is providing some unforeseen benefits to big tech companies.
The GDPR synchronizes data privacy laws across Europe, with the aim of protecting and empowering EU citizens when it comes to their data privacy.
The effects of the GDPR have been felt far and wide, as any company that offers goods or services to EU residents must comply, regardless of its location. Penalties for noncompliance include fines of up to €20 million ($22 million), or 4% of a company’s global revenue, whichever is higher. That provides a compelling reason for companies to pay close attention to their data-processing functions.
An interesting and possibly unintended short-term upshot of GDPR involves advertising. The regulation has spurred marketers to move more of their advertising money to big tech companies, notably Google and Facebook.
As how individual countries enforce GDPR is still being worked out--a uniform standard is unlikely anytime soon--companies are spending their digital ad budgets with the big tech companies they trust to follow the rules, The Wall Street Journal reported.
Because smaller data-collection and ad-tech companies now have higher hurdles to clear for individual consent, they’re losing out to the big tech companies, which already have direct relationships with consumers using their products. At the same time, some smaller organizations have struggled to become compliant with the regulations; a lack of resources to invest in the necessary infrastructure often is the cause.
LRN offers several educational resources for companies and employees affected by the regulation, including “Data Privacy and Protection: A European Perspective”; “Data Protection and Privacy: An Overview”; and “Data Protection, Privacy, and Information Security: An Overview.”
Beyond GDPR, in the U.S. the California Consumer Privacy Act is expected to take effect on Jan. 1. Similar to GDPR, it will allow consumers to know what personal data is collected and where and how that data is being sold or disclosed.
Given the uncertainties, workplace education on data protection and privacy should be a priority for business executives. The best education programs need to emphasize the obligations of the organization and its employees to safeguard data. This not only reinforces the legal requirements that companies and employees need to meet, but also ethical ones.