If you aren’t familiar with the General Data Protection Regulation (GDPR) yet, it’s about time you get familiar. The GDPR was approved in the European Union in April 2016 and will go live on May 25, 2018. It’s the most ambitious set of privacy laws to ever be passed.
In the age of big data, the GDPR is here to protect individuals and their right to determine how a company uses their data. In 2018 alone, we’ve already read about major data breaches involving companies like Equifax and Facebook. Therefore, the GDPR works to protect an individual’s privacy and to hold major companies accountable for the data they are collecting about their users.
From now on, companies will require the consent of individual users when it comes to data collection. For instance, if users don’t give their consent, a company will not be able to collect their data, and if a company abuses these laws the fines are substantial. Most importantly, the legislation will directly affect “controllers” and “processors” of data.
A controller is any entity that states how and why data is collected and processed. For example, Amazon, Facebook, and Google are all controllers because they collect and control how the data is accessed, analyzed, and processed.
On the other hand, a processor is any entity that handles the processing of the data. In most cases, this will be IT firms that store the data and directly interact with it in some way.
Certainly, with the rise of the Internet of Things, personalization, and other big data initiatives, the GDPR was a much-needed piece of legislation to motivate companies to develop secure systems for collecting, storing, and transferring user data. Above all, under the GDPR individuals will now have more power to control how a company collects and handles their data.
Here are just a few of the things you can do:
However, while you may be thinking that it seems easy for companies to ignore these requests, the EU is already one step ahead. To clarify, companies that violate these types of requests will face major fines. Failure to comply with GDPR laws can result in fines of 2-4% of a company’s annual revenue or €20 million, whichever number is larger. In fact, for larger technology companies, a fine this large is crippling and has prompted a large-scale response to the legislation.
There are three main bodies that serve in an authoritative role under the GDPR. These bodies include:
Any company that interacts with EU citizens must become GDPR-compliant. Accordingly, most large American companies have already developed their own systems to make themselves GDPR-compliant. Most importantly, when Facebook CEO Mark Zuckerberg testified in front of the House committee, he suggested that Facebook was going to automatically extend the new rights granted under the GDPR to all Facebook users.
Since the initial announcement, companies have been scrambling to create systems to help them follow the new set of rules. The data protection officer (DPO) role is a direct result of the GDPR. Large companies have appointed DPOs in order to develop internal systems that will keep them GDPR-compliant.
Here are just a few tasks a DPO is responsible for:
While making your company compliant may seem challenging, it’s something all companies need to do before the legislation goes live. Whether your company is big or small, you need to take the right steps to become compliant. Recommend is a GDPR-compliant personalization platform that falls under the processor label in the guidelines. We provide automated, on-site recommendations to your users as they browse online stores in order to boost conversions and increase user engagement.