GDPR: Immediate Fallout
The Y2K Event of this decade? GDPR’s hype looked a lot like the millennium cyber-clock meltdown, according to some. But here’s a key difference: GDPR has actually spurred immediate, tangible changes to our global business landscape.
Check out some of the aftermath following GDPR’s enforcement date, May 25, 2018.
- Standardizing higher standards: The U.S. is set to embrace GDPR-like regulations.
- With GDPR top of mind, recent personal data breaches in the U.S. have drawn country-wide attention and will ultimately result in stricter regulations to protect American consumers’ data.
- When Exactis, a small Florida-based marketing firm exposed personal data of 340-million people and businesses in the U.S., a civil class action case soon followed. “If U.S. citizens did not think their personal information has ever been compromised, this should convince them it definitely is,” said security researcher, Vinny Troia.
- California Consumer Privacy Act of 2018 (AB 375)
- California leads the charge in protecting domestic data with a law that closely mirrors GDPR. In advance of the act’s effective date (January 1, 2020), companies who do business in California must start reassessing their consumer privacy policies and practices.
- Microsoft extends new privacy protections worldwide.
- In addition to better protecting the data of EU customers, Microsoft is going the extra mile to reinforce data protection for consumers across the entire globe. “Companies like ours have a huge responsibility to safeguard the privacy of the personal data we collect and the data we manage for our commercial customers,” said Microsoft’s Julie Brill, Corporate VP and Deputy General Counsel in a recent blog post. The post explains why Microsoft will treat GDPR as more than just a legal obligation – it’s a chance for them to further foster trust with clients.
- Facebook, Google, Apple, Amazon, and LinkedIn have come under fire.
- Facebook and Google have been hit with multibillion-dollar lawsuits, and consumer-rights activist groups are also targeting three of our other most prominent tech companies for not complying with consent under GDPR.
- Spain filed a lawsuit against Facebook.
- A Spanish consumer protection group has sued Facebook for misusing Spanish citizens’ personal data: 200 euros for each of Spain’s 26 million Facebook users.
- Social media app developer Klout calls it quits on May 25.
- Inventor of the Klout Score – or a “social media influence” rating based upon factors like followers and active participation across Twitter, Instagram, and the like – went out of business just one day before GDPR enforcement took effect. Klout had been losing credibility for some time, but GDPR’s arrival accelerated the end of its platform, which heavily leveraged personal data.
- Several US news outlets blocked EU readers.
- When May 25th rolled around, major news outlets including The Chicago Tribune, The Los Angeles Times, and The Arizona Daily Star shut down EU residents’ access to their sites – decidedly an easier option for them than figuring out how to handle their EU readerships’ personal data in time.
- Verve quit the EU.
- Digital marketing firm Verve made the judgment call to stop doing business with European residents. According to their CMO, Julie Bernard, “We have decided that the regulatory environment is not favorable to our particular business model.”
While big-profile cases like Facebook and Google feature organizations who are more likely to draw the attention of GDPR enforcers, they also concern companies that should’ve had the resources to comply. But even the smaller guys, like 10-person marketing firm Exactis, are paying for their sub-par data handling practices. As I mentioned early, the Exactis breach spurred the State of California to enact a data privacy law that looks very similar to GDPR. It is broadly believed that the US will create Federal Data Privacy Laws that are as stringent as GDPR – so, it’s coming…
Are you confident in your company’s compliance strategy? If not, we can help. Check out our GDPR alignment session, a complimentary consultation.
Until next time,