True or false: In the case of a personal data breach, the controller must alert the proper supervisory authority within 72 hours of finding out about the breach, unless it's unlikely to result in a risk to the rights and freedoms of natural persons.
The answer is true, and if you didn't know the answer to that simple question, you might need to read on for more information on GDPR.
Today, May 25th, 2018, is the day that GDPR gets put into effect across the globe. This regulation has had a lot of speculation about it, and even ICS has talked extensively about its impacts. Now that it's live, what information are you missing that is stopping you from being fully compliant? Let's break down the difference between current US and EU law.
How do EU Privacy Laws Differ From the US?
With so much data in the US and the hype around Big Data, one would think we have strict laws in place regarding data in the US, but the EU is way ahead of us in terms of individual privacy rights. The following topics are where the US and EU differ.
Political Party Differences
In the US, incoming administrations change privacy laws. Political parties are more polarized and have different viewpoints when it comes to privacy. There are fewer changes during administration turnover in the EU because they have less polarizing views. This allows the laws to stay relatively consistent throughout the years.
Intent of Regulations
Privacy law in the US can be complicated with different regulations in public, private, and government sectors. Each will have a different agenda and may not be geared towards the consumer. In the EU, privacy laws are more overarching and tend to benefit consumers. The intent behind laws can shape and mold different policies, explaining why we differ here.
Number of Enforcers
Several government organizations carry out these privacy laws in the US. There are too many to list here, but some are the Federal Communications Commission (FCC) and the Health Insurance Portability and Accountability Act (HIPAA). In the EU, one authority enforces privacy law across all 28 member states. This is a more unified front and eradicates jurisdiction problems.
Existence of Privacy Organizations
In the US, privacy organizations like the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) exist to provide the legal framework for digital privacy. There are not as many privacy organizations in the EU due to the nature of EU rights, but there are the European Digital Rights (EDRi) and the European Privacy Association (EPA).
Company Ownership of Data
Individuals have little ownership of their data in the US, so large businesses can profit from users' data. In contrast, EU users are allowed to delete their data. This is a big differentiator in privacy law.
In Case You Missed Our Previous GDPR Articles...
We've put together a directory for you to look back on our past articles. These posts go more in-depth into the risks, impacts, and talent needs of GDPR. Check them out below:
- General Data Protection Regulation: Facing Risk
- GDPR Non-Compliance: Minimize Risk in Four Steps
- IoT Threatens GDPR Compliance
- Manage The Top 4 GDPR Operational Impacts (Part I)
- Manage The Top 4 GDPR Operational Impacts (Part 2)
- GDPR Impact on Software Engineers
- 7 Ways GDPR Impacts Marketers
- GDPR Will Have Global Implications
Are You Ready For It?
Not everyone is prepared for GDPR, and that percentage of people is more significant than you think. Are you sensing some gaps in your team? If you are, ICS can help. We can get you the talent you want in the time you need. GDPR doesn't have to be so complicated with the right team in place. Click below to get started.