IS LYING About General Data Protection Regulation (GDPR) Compliance.
They Are Hiding Their Tricks In Software And We Can Prove It In Court
The deadline for
companies having operations in the European Union (EU) to comply with
the General Data Protection Regulation (GDPR) standards is tomorrow, and
yet many US firms remain completely unaware of this shadow monster. At
Tuesday’s hearing in Brussels, Facebook (FB) CEO Mark Zuckerberg had
promised the European Parliament thatthe
social media giant would be GDPR compliantbefore
this deadline. However, given the complexities involved in the system
and the pandemonium surrounding it, it is unlikely that this promise
would be kept.
Facebook is hardly
to be blamed here. A recent research report by Capgemini shows that over
85% of the companies in the US and Europe, which come under the ambit of
this regulation, will not be compliant-ready by the deadline. The report
goes on to say that it expects at least 25% of the companies to fail the
regulatory requirements even by the end of the year.
As you may already
know, Europe is pretty serious about privacy and they want to make data
exchange more transparent. The GDPR was adopted in 2016, after working
on it for almost four years. All companies having operations in the EU
member states were given two years to work on their systems to meet the
GDPR requirements. And the two-year grace period ends tomorrow.
GDPR is pretty
complex that even the regulators are unsure how it is going to work.
Under the terms of
GDPR, a company needs to report any data breaches to the regulators
within 72 hours after it was found. Now that is only the easier part.
The regulation also requires companies to remain transparent as to what
data they are collecting and how they are planning to use it.
Under this new
system, an EU user may demand access to the data that they have
collected, and can also ask to update or delete certain information they
wish to make private. The users may sue the companies if the information
is not handed over to them in 30 days. This particularly puts large
companies including banks in a tricky spot, since they already have a
gigantic cache of information in various systems that pinpointing
certain vague data can become quite cumbersome. This is in addition to
the massive investments required to set up the whole GDPR compliance
Under this new system, an EU user
may demand access to the data that they have collected, and can also
ask to update or delete certain information they wish to make
Some experts in the
field even fear that total compliance is a utopian vision. And with that
kind of skepticism prevailing, the fact that regulators can fine
violating companies up to 4% of its global revenue sounds, at best,
scary. For a company like Alphabet (GOOGL), this accounts for as much as
The regulators are
expected to be tolerant in the initial months, and yet they will be
forced to take action against the company if a complaint arises. The
shocking part is, even the regulators are mostly clueless how the whole
process is going to take off. According to a recent survey by Reuters,
17 of 24 regulators said they did not have the financial or legal
assistance to carry out their job.
Europe is a major
market for many US firms and they cannot ignore these regulations for
long. Meanwhile, Apple (AAPL) yesterday announced that it would soon
open a privacy portal, from where its users can download all the data
collected by the company.The
show starts tomorrow, and it’s going to be a survival drama.