I have been hearing a lot about GDPR (General Data Protection Regulation) in the past few months. I decided to do some digging to find out how it affects us in the United States. Those of you who want to go directly to the source of my information and skip my 2 cents are welcome to check out these 2 links. The law is explained there in very easy terms for a layperson.
Those of you who are short on time and just want the skinny version, keep on reading.
- This law is about protecting European citizens from data breaches at companies inside and outside Europe.
- This law may affect us if and when we store data of EU citizens.
- It is meant for EU consumer safety.
- In the case of a data breach, companies even outside the EU can become part of the lawsuit.
- To avoid the lawsuit, a US-based company has to provide the EU country representative with a notification within 3 days of a data breach.
- Companies can be fined if the governing body finds proof that adequate data protection measures were not taken by the company whose data was breached.
It is good to keep this EU law on our radar even if our company is not storing EU consumer data. I think something like this law will become the norm in the next 5 years across the global community. After all, it is the responsibility of the company that collects and stores consumer data to provide safeguards to protect that data. The basic rationale of this law is simple: since companies make a profit by using consumer information, it is fair that they should spend a part of that profit to protect that information. This provides clear accountability on one hand and peace of mind to citizens on the other. In my opinion, this is a win-win situation.
I would appreciate your comments on this topic.