European Union’s GDPR Enforcement One Month Away
General Data Protection Regulation (GDPR) legislation passed down from the European Union will finally take effect on May 25, 2018 after two years of transition time.
The new rules for companies harvesting user data will protect privacy and hopefully limit Cambridge Analytica-type scandals in the future. Social media giants, AI companies, and advertising technology firms will fill the effects of GDPR, while other industries may not notice the new restrictions.
“Marketing and advertising agencies, especially in the US, won’t necessarily be impacted by GDPR. The companies who provide programmatic advertising platforms, however, will have to reexamine how they do business,” said Adam Gingery of Majux Marketing, a firm specializing in Google Adwords for Lawyers.
photo/ screenshot YouTube
GDPR Overview:
While the EU has been regulating data usage for years already, the new laws include the following adjustments:
- The penalties for violating GDPR have been increased
- The minimum age for users is now higher
- Large companies must hire a “data protection officer”
- The regulations apply to companies with customers in the EU
Harsher Penalties for Infractions
Enforcing penalties on companies that violate data use agreements is nothing new, but the punishments are now much harsher than before. Prior to GDPR, the max fine was 500,000 euros, which is a drop in the bucket for most firms guilty of such violations.
The EU can now impose penalties of up to “4% of annual turnover,” or 20 million euros, whichever is the larger sum. That’s a huge change, and those fees will be necessary if the EU is going to be able to afford the cost of enforcement. The 4% fine will only be in the most severe cases; more often, we will see penalties of 1-2%.
Lower Minimum Age for Users
Regarding age, internet users in the European Union must now be at least 16 years old to consent to their data being used online. Teenagers do not make up a large percentage of the ecommerce market, but they are heavily invested in internet usage and social media activity. Companies like Facebook will be impacted by not being able to feed these users’ data into their artificial intelligence models.
GDPR allows for individual member states of the EU to set their own age threshold (meaning that it mustn’t necessarily be 16 years old). However, the hard limit for an individual to sign up for digital services like a social media platform is 13; even if a member state wants to make the age limit lower, they won’t be able to.
GDPR Will Require an Investment from Large Companies
Per new EU regulations, large companies benefiting from user data must hire a new executive to oversee privacy. In Facebook’s case (and other social media giants as well), this could amount to a hefty expense when you account for a sizable salary. After weighing in the cost of putting employees on GDPR duty full time, the expense for compliance gets even higher.
American Companies Can’t Turn a Blind Eye
Despite the fact that these regulations will touch European countries the most, American companies with customers in the EU must also comply. It’s likely that large USA-based tech firms will get an early jump on compliance, since providing European customers with better privacy protection than US customers won’t be a good look, PR-wise.
Author: Adam Gingery
