The 25th has arrived in the EU and that means that the GDPR is released and active, as well as already drawing up some paper work for lawsuits against companies that are not readily complying with the new regulations.
The GDPR is all about “privacy by default” meaning that a product or service that is to be used by the public is to have its settings set to the strictest levels right off the bat, without any effort on the end users part. This is to restrict and protect users data from the get go, instead of relying on them to traverse the settings menus and change it themselves.
The new form of data protection is a response to many problems that have become too widespread to deal with, with the rise of technological involvement for people of all backgrounds and computer experience.
As the new regulations get under way, many companies have scrambled to conform to these new rules so as not to risk the large penalties that follow confliction with the regulations. These fines can be up to 4% of global annual sales per instance of conflict for the larger companies, while for the smaller companies a smaller but still severe price.
A survey around the EU recorded that 85% of firms said they were not ready for the new regulations to come into effect, and one in four stated they would not be ready till the end of the year.
To avoid penalties some companies have decided to halt their services until they are ready to comply, while other plant to mitigate the damage as much as possible but still pay for some of the violations.
Some of the most prominent companies today like Google, Facebook, Instagram, Whatsapp and the like are all bracing for the incoming lawsuits that are already being prepared by privacy advocates.
The large businesses can still operate using data from their users, but only under the conditions that consent was given, and that the companies can prove they have a lawful basis for doing so. The main priority is to respect the customers wishes about their information, even in cases where customers wish for a company to delete their data from the company servers, they must abide.
If a company fails to prove they have been handling data correctly they will face the penalties, along the same lines, if their data that had been consented and proven to be used in a lawful manner but breached by an outside source, they will be required to report the incident within 72 hours, or be fined.
The EU is clapping down on big tech companies, stripping them of their rule bending methods and attaching heavy fines to boot.
Some companies however are not in a position to comply with the new regulations and as a response have cut ties with European customers and services to avoid any possible repercussions. Mainly this refers to smaller companies who just don’t have the resources to abide by the new rules, but some companies who do have the means, don’t align with the new rules and prefer to just continue onward without them so they cut ties.
Some think that eventually bigger companies will decide “it’s not worth it” to continue maintaining the necessary effort for GDPR and will pull out of EU as well. This will cause quit a unique shift for the EU market and only time will tell what occurs.
What do you think about the GDPR?
Give us a call or send us an email for all your I.T needs! We at Re2tech make I.T. happen!