GDPR: Day One Survival Kit

Posted by Jeff Pelliccio on May 25, 2018 9:00:00 AM

In ICS insights, hiring trends

True or false: In the case of a personal data breach, the controller must alert the proper supervisory authority within 72 hours of finding out about the breach, unless it's unlikely to result in a risk to the rights and freedoms of natural persons.

The answer is true, and if you didn't know the answer to that simple question, you might need to read on for more information on GDPR.

Today, May 25th, 2018, is the day that GDPR gets put into effect across the globe. This regulation has had a lot of speculation about it, and even ICS has talked extensively about its impacts. Now that it's live, what information are you missing that is stopping you from being fully compliant? Let's break down the difference between current US and EU law. 

How do EU Privacy Laws Differ From the US?

With so much data in the US and the hype around Big Data, one would think we have strict laws in place regarding data in the US, but the EU is way ahead of us in terms of individual privacy rights. The following topics are where the US and EU differ.

Political Party Differences

In the US, incoming administration change privacy laws. Political parties are more polarized and have different viewpoints when it comes to privacy. There are fewer changes during administration turnover in the EU because they have less polarizing views. This allows the laws to stay relatively consistent throughout the years.

Intent of Regulations

Privacy law in the US can be complicated with different regulations in public, private, and government sectors. Each will have a different agenda and may not be geared towards the consumer. In the EU, privacy laws are more overarching and tend to benefit consumers. The intent behind laws can shape and mold different policies, explaining why we differ here.

Number of Enforcers

Several government organizations carry out these privacy laws in the US. There are too many to list here, but some are the Federal Communications Commission (FCC) and the Health Insurance Portability and Accountability Act (HIPAA). In the EU, one authority enforces privacy law across all 28 member states. This is a more unified front and eradicates jurisdiction problems. 

GDPR-for Scoail@2xExistence of Privacy Organizations

In the US, privacy organizations like the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) exist to provide the legal framework for digital privacy. There are not as many privacy organizations in the EU due to the nature of EU rights, but there are The European Digital Rights (EDRi) and The European Privacy Association (EPA.) 

Individual Rights

Individuals have little ownership of their data in the US, so large businesses can profit from users data. In contrast, EU users are allowed to delete their data. This is a big differentiator in privacy law.

Company Ownership of Data

US Terms of Service dictates how long a company can keep consumers data, and sometimes even indefinitely. The “right to be forgotten” in the EU allows citizens to have search results be removed if they are irrelevant or inadequate. This is another significant factor in how we differ in privacy policy. 

In Case You Missed Our Previous GDPR Articles...

We've put together a directory for you to look back on our past articles. These posts go more in-depth into the risks, impacts, and talent needs of GDPR. Check them out below:



Talent Needed

Are You Ready For It?

Not everyone is prepared for GDPR, and that percentage of people is more significant than you think. Are you sensing some gaps in your team? If you are, ICS can help. We can get you the talent you want in the time you need. GDPR doesn't have to be so complicated with the right team in place. Click below to get started.

Find Talent NOW

FTN Legal Compliance