With new stories appearing weekly about security breaches and misuse of personal data, the technology sector has come under increased scrutiny regarding its handling of consumers’ personal information.
As a result, new privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), aim to provide consumers with more control over their personal information while holding businesses accountable for the use of such data.
However, these measures have far-reaching implications for organizations that collect individuals’ personal information, not just big tech. Businesses and consumers need to be aware of these regulations and understand their implications.
GDPR has Implications for Organizations around the Globe
GDPR came into effect in May of 2018 and grants a variety of rights to individuals within the territorial reach of the European Union (EU) in regards to the usage of their personal information. GDPR has extra-territorial reach, meaning enforcement extends beyond the borders of the EU.
Any organization that processes the personal information of individuals located in the EU must comply with GDPR or risk heavy fines—up to 20 million Euros or 4% of total annual worldwide turnover, whichever is higher. This may include organizations that use ad-tracking since GDPR’s definition of personal information extends to IP addresses, cookies, and other online identifiers.
If your organization does business with customers located in the EU, then GDPR most likely applies to your organization. Though there have been a number of subsequent measures to help refine the regulation, enforcement has already begun by supervisory authorities, such as the Commission Nationale de l’Informatique et des Libertés (CNIL), the French Data Protection Authority.
CCPA will Affect Both Large and Small Businesses
Organizations will also need to address the requirements of the CCPA once it comes into effect on January 1, 2020. Like GDPR, this regulation will extend beyond the borders of its home state and affect certain organizations that do business in California or collect the information of California residents.
CCPA applies to a business that collects consumers’ personal information, does business in California, determines the purposes and means of the processing of consumers’ personal information and meets one of the three following thresholds:
- (A) annual gross revenues in excess of $25 million
- (B) alone or in combination, annually buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households or devices, OR
- (C) derives 50 percent or more of its annual revenues from selling consumers’ personal information
To put this into perspective, if your business meets these criteria and receives the personal data of an average of 137 consumers a day, then you are most likely subject to the requirements of CCPA, making it a concern for both big and small businesses alike. Additionally, CCPA introduces large fines enforceable by the Attorney General of California up to $2,500 for unintentional violations or up to $7,500 per intentional violation.
Consumers are the Driving Force Behind these and More Upcoming Regulations
While GDPR and CCPA are two of the most notable regulations to make headlines in the area of data privacy, there is other proposed legislation already in the works. For several worldwide organizations, compliance with data privacy laws have already quickly become a top priority.
However, it’s also critical to recognize that these regulations are a reflection of a greater trend where individuals are demanding more transparency and control over their personal information as it travels across a growing digital landscape.
The bigger issue that will affect every organization’s success is how we can foster trust with the consumers that sustain us in order to maintain and grow our relationships with them.
Ready to take the next step towards improving data privacy? Contact us today!
This article was originally here. Guest post contributed by Tanya Forsheit; Partner, Frankfurt Kurnit Klein & Selz, and host of Laserfiche’s recent webinar: Data Privacy 2019.