Corporate Compliance Insights

How GDPR Has Impacted Businesses

by Nick Henderson
November 26, 2018
in Data Privacy, Featured

Data Privacy in the U.S. 6 Months On

It’s now been just over half a year since the deadline for compliance with the European Union’s General Data Protection Regulation (GDPR), and – predictably – the regulation has affected organizations far beyond the EU. Nick Henderson discusses what’s come to pass since May 25 and what changes may be coming.

One could be forgiven for assuming that the EU’s General Data Protection Regulation (GDPR) would have little impact on companies outside the EU. However, just six months after enforcement of the legislation began, it is clear that quite the opposite is true. Many American corporations are still grappling with compliance and have implemented some drastic and desperate strategies in response to the new regulations.

For example, a number of organizations that failed to get a handle on the rules in time have resorted to simply blocking all EU visitors from their websites in an effort to altogether avoid the complications of processing their data. Taking it to a further extreme, the social media company Klout decided to simply call it a day and shut down on May 25 due to their inability to comply with the legislation’s requirements. It’s therefore important to take a closer look at how and why GDPR has impacted American organizations and what the future of data protection may look like in the U.S.

Why are U.S. companies affected by GDPR?

American organizations are impacted by GDPR to almost the same extent as their EU counterparts. This is because Article 3 of the regulation states that if you collect data from anyone in the EU, you must comply with the rules of GDPR. Therefore, any organization with a website that collects data from its visitors is subject to the legislation, irrespective of which countries it physically operates in. In other words, pretty much every organization around the world is subject to the regulation.

What does this mean for GDPR compliance in the U.S.?

Europeans do not differentiate between EU and non-EU companies when considering what is happening to their data. This means U.S. firms are just as likely as European firms to receive subject access requests from individuals in the EU. Therefore, American organizations require the expertise to process these requests and must be familiar with GDPR recordkeeping rules. Consumers will also expect the same standards from U.S. organizations with regard to the rights mandated by GDPR to opt out of marketing and have their information deleted.

There is also no distinction between EU and non-EU organizations in terms of the penalties that can be imposed for breaches. Under old European privacy laws, a company could be fined up to £500,000 ($650,000). This pales in comparison to the £20 million ($26 million) or 4 percent of turnover (whichever is larger) that can be enforced under GDPR. There will be several U.S. firms breathing a sigh of relief that their data scandals occurred the other side of May 25. Most notably, Facebook would have been staring down the barrel of a $1.6 billion fine, approximately 3,000 times the size of the slap on the wrist it received for the Cambridge Analytica scandal. That said, the Wall Street Journal recently reported that it may have only been a temporary reprieve for the social media giant, as fresh investigations are underway into additional data breaches.

Further, GDPR has gained such attention and is so far-reaching that it has caused people across the globe to be more wary of how their data is being used. Therefore, even the organizations that technically don’t have to comply with GDPR are likely to have their data practices scrutinized by the parties they interact with.

California’s Data Privacy Law and Beyond

It’s no surprise that in the data-conscious climate created by GDPR, the State of California, which is home to the world’s most powerful internet enterprises, has stepped up its game on data privacy. The California Consumer Privacy Act, passed by the legislature in June, takes a stride toward aligning America’s data protection laws with Europe’s. While not quite all-encompassing, with only firms that meet certain criteria being subject to the requirements, many of the provisions seem to be modeled on GDPR’s, such as the “right to erasure” or transparency over how your data is being used.

Advocates of federal data protection laws also now seem to be making significant progress. After more than a decade of stagnation, the Senate has recently been debating the introduction of new legislation with more intent than ever before. Discussions were held in Congress on both September 26 and October 10, 2018, and there is a feeling that it will be taken more seriously this time, not least because representatives from Amazon, Apple, Google, AT&T, Twitter and other tech titans were all present in September to endorse the proposal.

Additionally, Senator Ron Wyden has recently unveiled his Consumer Data Protection Act bill, which proposes not only colossal fines for data privacy breaches, but also up to 20 years’ jail time for executives who are responsible for noncompliance. Whether a bill containing such severe ramifications will pass remains to be seen, but it is plain that it is only a matter of time before the need for reform of federal data privacy legislation in the U.S. is met.

Conclusion

There is no doubt that GDPR has instigated a global shift in how ownership of data is perceived. Lawmakers in America have taken note and are starting to act. It’s highly unlikely that the phenomenon of blocking web access in certain locations due to panic compliance (or lack thereof) with data protection regulations has seen its final day. U.S. organizations must ensure they have their policies, procedures and GDPR training in place to avoid running into trouble, and they should be looking ahead at what data privacy legislation is on the horizon so they can prepare internally.


Tags: California Consumer Privacy Act (CCPA), GDPR
Nick Henderson-Mayo is the director of learning and content at VinciWorks, a leading AML and compliance training and software company. He previously worked in policy at the Scottish Government and in civil society. He creates compliance training for the world’s top law firms and blogs about money laundering and compliance topics on LinkedIn and Twitter: @nick_compliance.
