*Facebook’s Zuckerberg speaks —
May 25, 2018, is D-Day – the day the European Union’s General Data Protection Regulation (GDPR) comes into effect. The EU regulation provides regulatory teeth to age-old administrative guidance about how EU member states handle personally identifiable information.
In order to comply, foreign companies are at liberty to either block EU users entirely (an impossible choice for a multinational brand like Facebook or Google) or have processes in place to ensure compliance. GDPR could have a big effect on how businesses all over the globe handle privacy, and some tech companies are reportedly taking steps to block European users from their servers in order to evade this unprecedented regulatory oversight of personal data.
The broad, comprehensive law is backed by unprecedentedly steep fines of up to 4% of a company’s total global revenue – fines that could easily cripple a business that breaches its provisions. It will require companies to ensure the highest levels of privacy protection or suffer dire financial costs. Businesses of all sizes – from micro to multinational – are affected.
And the regulation recognises no borders: because data can travel well beyond the EU, GDPR provides protection to EU citizens no matter where their data travels. This means that any company anywhere that has a database that includes data on EU citizens is bound by its rules.
GDPR operates with an understanding that data collection and processing provides the basic engine that most businesses run on, but it boldly strives to protect that data every step of the way while giving the consumer ultimate control over what happens to it.
In order to be GDPR-compliant, a company must not only handle consumer data carefully but also provide consumers with myriad ways to control, monitor, validate and possibly delete any information pertaining to them that they don’t want kept. GDPR promotes the use of pseudonymisation, anonymisation and encryption to ensure compliance.
Facebook’s founder Mark Zuckerberg was live this Thursday, answering questions and giving explanations. Zuckerberg spoke during a live programme at the Viva Technology conference, which started at about 15:30 GMT, amid concerns over how Facebook handles user data.
The Facebook co-founder and CEO spoke with Maurice Levy, the chairman of an advertising firm.
Zuckerberg has come under criticism for his lack of answers regarding the Cambridge Analytica scandal. Facebook has admitted that the data of 87 million users may have been improperly shared with Cambridge Analytica.
Zuckerberg was grilled by U.S. and European Union lawmakers, but has denied requests to appear before U.K. parliamentarians.
While American laws and regulations tend to favour business over the consumer, the EU has always promoted a “consumer-first” point of view. It states in its charter: “The protection of natural persons in relation to the processing of personal data is a fundamental right.”
According to GDPR, companies must ensure that customers have control over their data by including safeguards to protect their rights. At their core, the protections have to do with processes and communications that are clear and concise and are carried out with the explicit and affirmative consent of the data subjects.
The new law puts many companies on the spot, and each now needs to hire a data protection official, educate its personnel, and create tools to ensure privacy of its corporate publics. They now have to examine third-party providers – including providers of email service, marketing and public relations, and other jobs usually outsourced – because they are liable for breaches made by these third parties.