Most US-based business leaders are at least somewhat familiar with the GDPR (the EU General Data Protection Regulation). Although this broad set of data-protection rules is designed to protect the privacy of individuals in the European Union, it will significantly affect US businesses as well, because it applies to any organization that processes the personal data of people in the EU, wherever that organization is based. It will also likely lead to a new and costly cybercrime: "GDPR extortion."
How will EU-based data regulations affect businesses in the US? What is GDPR extortion? How can businesses protect themselves? These are the questions I’ll address in this article.
GDPR In a Nutshell
As the most comprehensive set of data-protection regulations in history (99 articles organized into 11 chapters, to be exact), the GDPR is raising eyebrows and anxieties worldwide.
That’s because capturing customer data helps businesses in all industries improve marketing, sales, customer service and many other efforts. Now, thanks to GDPR, companies have to collect data much more carefully.
GDPR gives individuals in the EU something that has no general equivalent in the US, where privacy law is sector-specific: a comprehensive right to personal-data privacy. What kinds of rules are included under this set of laws? Although GDPR gets quite complex, here's a brief rundown.
An EU resident's right to data privacy now takes precedence over a business's interest in collecting their data. Therefore, under GDPR, each person whose data is processed has:
- The right to choose whether or not to allow their data to be collected
- The right to see all the data that’s been collected about them
- "The right to be forgotten" (the right to erasure), meaning the organization holding their data must delete it upon request; the best-known application is de-listing from Google and other search engines
- And finally, the rule that gave birth to the GDPR extortion phenomenon: an organization that suffers a personal-data breach (for example, one caused by hackers) must notify the supervisory authority within 72 hours of becoming aware of it, and must inform the affected individuals without undue delay when the breach poses a high risk to them