On 25 May 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. Companies in breach could potentially be fined up to €20 million, or 4% of their global annual revenue for the previous financial year, whichever is higher. The GDPR represents the most comprehensive set of data protection rules currently in place in the world.
The EU is not a military superpower. It is, however, arguably a regulatory superpower. On data protection, Europe is visibly leading the pack, and other countries may soon adopt similar rules. In the US, lawmakers are already considering GDPR-style regulations in the wake of congressional hearings with Facebook founder Mark Zuckerberg about data protection.
That’s not to say there hasn’t been criticism. There has been widespread confusion about what is and isn’t covered by the GDPR, and some companies (particularly Small and Medium Enterprises) have withdrawn from the European market or shutdown operations entirely rather than absorb the costs of compliance. There are also worries that diverging regulatory regimes may start to break up the global internet into regional or national chunks, governed by different rules.
Nevertheless, the counterargument is to wonder what precisely companies were doing with our data that prevents them from operating in the European market? Furthermore, proponents argue that data based on explicit consent from users will anyway be much more useful to companies, because it will be gathered from individuals who are engaged and interested in your company and its services.
What do you think of the GDPR? Should countries around the world follow Europe’s lead and implement their own versions of the GDPR? Let us know your thoughts and comments in the form below and we’ll take them to policymakers and experts for their reactions!