Can One Year of GDPR Teach the U.S. Anything on Privacy?

Last June when the General Data Protection Regulation was going into effect in Europe, I wondered if lawmakers and tech companies in the United States might be able to learn anything from that kind of privacy regulation. At the time, there wasn’t much of an impetus on the part of lawmakers to do anything similar in this country, despite a growing consumer demand for more personal data protection. Now that GDPR has been in effect for almost a full year, and by all accounts is doing very well, could that trigger more acceptance on this side of the ocean for something similar?


One of the reasons that leaders here have been reluctant to support new privacy laws is that most of what has been proposed so far simply vilifies companies that get breached. But GDPR is more elegant than that. Basically, if a company does everything it can to protect the data it has collected, and then gets breached anyway, it may not be blamed or fined, especially if it follows the guidelines and alerts affected customers within 72 hours. Yes, the fines with GDPR can be huge, but those are mostly reserved for firms that blatantly break the rules and more or less contribute to their own data theft.


GDPR is also well-crafted because it does not advocate a specific technology or protection scheme. It merely lays out a series of best practices and then fines companies that don’t improve their defenses and get breached as a result. One of the key elements is actually encouraging companies not to collect and store unneeded information in the first place. GDPR encourages firms to only collect the information they explicitly need to perform whatever product or servi ..
