Corporate Compliance Insights

A Year to Go: Why GDPR Matters

by Christian Auty
April 20, 2017
in Data Privacy, Featured

Steep Penalties for Violations

The General Data Protection Regulation (GDPR) influences the data privacy obligations imposed on companies to protect against the unauthorized dissemination of data and promote privacy. The GDPR is a step toward one single digital market and has significant momentum notwithstanding geopolitical developments.

The General Data Protection Regulation (GDPR) is set to go into effect across the European Union in May 2018.  Following a general trend both in Europe and in the United States, the GDPR ratchets up significantly the data privacy obligations imposed on companies with the goal of further protecting citizenry from the dissemination of their data.  As one observer noted, the GDPR represents a major step toward a single digital market.  Yet, with Brexit now reaching finalization and other consequential elections on the horizon, many have questioned whether the GDPR will ever come into force.  This article examines why the GDPR is likely to go into effect and why it is likely to have a significant impact on American businesses.

The GDPR Will Remain

No matter where one stands on the merits of the English Brexit, the fact is that some measure of international cohesion with respect to data regulation is probably necessary and desirable. The question is what impact will be felt with these regulations in the wake of the Brexit. Although the timetable is not firm, it is highly likely that Britain will still be part of the EU in May 2018, in which case the GDPR will automatically go into effect for British subjects. And even upon departure, if Britain joins the European Economic Area, the GDPR will continue to apply with some minor exceptions and caveats. In either scenario, British regulation will substantially mirror the GDPR. Indeed, even if Britain completely severs relations and the GDPR ceases to apply, recent statements from British politicians across the political spectrum indicate that further cooperation with the EU on this issue is likely. It would be very counterproductive to foist compliance with an entire regulatory regime on British businesses for a period of time only to rescind all such regulations, thus imperiling the ability of a British firm to hold European data subject to the GDPR. Therefore, it is unlikely that the Brexit will have a meaningful effect on the scope and application of the GDPR.

The GDPR Matters for American Business

The GDPR expands the EU’s regulatory jurisdiction significantly, and it is likely to directly apply to a significant number of American entities.  It regulates data controllers or processors outside the EU whose processing activities relate to the offering of goods or services to EU citizens or the monitoring of EU citizens. So the GDPR will apply not only to Facebook and Google, but also most entities doing any type of business in the EU that rely on and retain information about individuals.  In short, lots of businesses in the U.S. will end up being data controllers or processors.

Much of the commentary in the U.S. thus far has focused on the need for subject entities to designate Data Protection Officers (DPOs). This requirement may very well create thousands of new positions, but the aspect most likely to get the board’s attention is undoubtedly the fines.  The fines for the worst violations are nothing short of huge: 4 percent of annual worldwide “turnover” (revenue) or €20 million, whichever is higher.  The goal of these numbers was to get the attention of the most senior executives, and on this score the GDPR surely succeeds. Regulators have urged boards to focus on privacy issues and consumer protection for years, and now they have a new, substantial weapon in their arsenal.

Additionally, the data security and breach notification requirements are stricter than almost any American regulations and will therefore require a recalibration of existing policies and procedures to meet a new and higher standard.  Article 32 of the GDPR provides specific recommendations for data security risk management such as “the pseudonymisation and encryption of personal data” and “the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.”  These are only recommendations, but they are more specific than the vague references to reasonableness in most current regulations.  In addition, under the GDPR, the window for reporting a data breach to a Data Protection Authority (DPA) is reduced to only 72 hours.  Thus, in many important respects, GDPR compliance will represent the new, more exacting standard for many American businesses.

The GDPR is coming, and politics won’t stop it.  Its momentum, at this juncture, is likely to carry it through to full recognition in Europe.  And it is likely to impact a host of American firms, requiring a recalibration of existing policies and procedures to address the storage and processing of European data.


Tags: Brexit, GDPR
Christian Auty

Christian Auty is a Principal at law firm Much Shelist. An experienced litigator, Christian has an established reputation as a strong client advocate and is well-versed in issues on the intersection of law and technology, including data privacy and data breach response, electronic discovery, data storage and retention practices and information governance.
