- GDPR compliance is a moving target, but regulatory guidance is clarifying provisions in the law.
- GDPR served as a catalyst that kicked off a global wave of data protection regulations.
- Enforcement of GDPR is just beginning, with more fines likely to follow in 2020.
- Compliance with data protection regulations isn’t just a regulatory consideration; it builds brand loyalty and trust with your customers.

The European Union’s sweeping data privacy law, the General Data Protection Regulation (GDPR), sent many companies scrambling to come into compliance (or at least attempt to) prior to its implementation in May 2018. The EU law covered EU citizens’ data anywhere in the world, meaning companies globally would have to comply or face fines of up to 20 million euros or 2% of their annual global turnover (or revenue) per violation, whichever is the greater amount.

Among the rules the GDPR put into place for the “data controller” and “data processor” to follow were rights and freedoms granted to the data subject, or individual user. These include the user’s right to consent to data collection, the right to request deletion of their data and the right to access their data. Meaningfully responding to these rights meant many companies had to put in place systems and processes that previously did not exist. Moreover, unanswered questions about what, precisely, certain clauses in the law meant left some companies unsure if their efforts were in vain.

Now, more than a year after GDPR implementation, some things are clearer while other questions remain. What have businesses learned and what remains unclear? Most importantly, what can we expect from the GDPR supervisory authorities in 2020? And what does the rise of other data privacy laws, such as California’s Consumer Privacy Act (CCPA), mean for businesses?