Reevaluating Data Privacy and Data Security to Build a Relationship of Trust


Marcie Granahan,
NFAIS Executive Director
The EU General Data Protection Regulation (GDPR) has been lauded as the most important change in data privacy in two decades, prompting Japan and Argentina to overhaul their domestic rules, with other countries likely to follow suit [see full article here]. In the U.S., California recently passed its own consumer privacy statute that requires companies to inform state residents what personal data is being collected and how it is being used [see full article here].

With penalties up to 20 million euros or 4 percent of annual revenue—whichever is higher—organizations worldwide have been motivated to reevaluate their data privacy and data security programs. But as the GDPR enters month two of enactment, there’s still work to be done. Global research and advisory firm, Gartner, predicts that by the end of 2018, more than half of all companies affected by the GDPR will not be in full compliance [see full article here].

A cornerstone of the GDPR is receiving consent from EU individuals as to how the organization will use and safeguard their personal data. As a result, in the final weeks leading up to the May 25th deadline, businesses scrambled to send out email blasts to their entire contact lists, creating a tsunami of privacy notice updates and policy consent requests that made it difficult for consumers to effectively assess whether their rights were being respected. But it also created unintended risks: consumers who couldn’t recall using the company’s services or products began to question why the company had their personal information, how long the company had held it, and what other personal information that company might hold [see full article here].

Even the tech giants have faltered in GDPR compliance. Researchers from the European Union Institute in Florence developed AI software to examine the privacy policies of 14 major technology businesses, including Google, Amazon and Facebook [see full article here]. A third of the clauses examined were found to be problematic. Among the problems found were policies that did not identify third parties that a company might share personal data with, policies that validate agreement simply by using the company’s website, and vague and confusing language.

Across Europe, there has been an increase in the number of breach notifications and consumer complaints during GDPR’s first month [see full article here]. A substantial number of these early complaints have been filed by consumer rights groups against high-profile companies, such as Facebook and Google. But the fear of potential complaints has some companies exiting European operations altogether, and others—like the LA Times and Chicago Tribune—blocking EU readers. We’re also seeing workarounds, where organizations are putting up new websites with different privacy requirements for different countries.

Although many organizations affect more

