It’s here! Today, the new data protection regulation (GDPR) was introduced in the EU and will take effect in all member states. The new European Data Protection Ordinance, which supersedes the national laws of the Member States, establishes special rules for terms and data collection that strengthen the protection of personal privacy online. The regulation gives the individual greater control over their own personal data and sets higher transparency requirements for companies and authorities that handle personal data.
For those who are in error of breaching these new laws, high sanctions are expected. Notably, due to the introduction of GDPR, Google has changed its advertising policy and even some media companies, including Schibsted and TV4 in Sweden, believe that their updated policy violates GDPR and therefore shatters ties with Google. While others, like Bonnier News, chose to accept it (I wonder what the connection is?).
Let’s take a look at Sweden. While these new changes take place today; despite the fact that requirements have become much more extensive for companies to handle data, more than half of Swedes believe that the protection of the data will be about as before – or worse.
Yet only 27 percent of the Swedish people believe that their personal data are more protected when the law comes into force, according to a survey conducted by IF insurance. 7 percent believe they are less protected and 47 percent believe that there will be no difference at all.
The legal requirement entails major changes in how personal data can be handled and also impose fines on those who do not comply with the new rules. If a company fails in its processing of personal data, they may be forced to pay four percent of global sales,
At IF, work on GDPR has been in progress since December 2015. IF’s processes and systems have been reviewed and reworked, and employees have undergone training so that they know what they are.
One of the most important changes is that they have created awareness within the company that the customer’s integrity is the focus throughout the customer journey. They have done this by quality assuring how personal data is processed.
In particular, it is only financial companies and technology companies that have had to make the biggest changes, according to a survey conducted by the Financial Times.
The total cost of introducing the new data protection regulation GDPR will be around 2,000 billion, or 198 billion euros, for companies in the EU.
What else can we expect?
High penalty charges
Sanction charges up to EUR 20 million or 4 percent of a company’s turnover. Authorities can pay sanctions of up to SEK 10 million.
The abuse rule disappears
The regulation on unstructured personal data and the abuse rule (which is a Swedish special regulation) will disappear when the data protection regulation is introduced.
It introduces a rigorous regulatory framework for so-called profiling. This is introduced to protect EU citizens’ integrity. It simply becomes more difficult for organizations to profile their customers widely.
Openness, integrity, confidentiality and accountability. Exactly what is contained in these new concepts becomes clearer after the introduction of the Data Protection Ordinance when a new case law is established.
Personally, I’ve been bombarded with e-mail about how these changes affect the contracts of various services that I’m currently using. Quite frankly, I’m ready to jump over this slight inconvenience and hope that these changes really bring forth a wave of positives in light of what’s happening in data protection breaches of various large organizations. *Cough* – I’m really not looking at anyone in particular, not even you, Facebook.
Evolvera – always changing, always evolving