This week’s “weekly top 5” is a special edition, highlighting the anniversary of GDPR. It’s now been one year since GDPR took effect and there is no evidence of it slowing down. In fact, it’s caused a ripple effect as more data privacy legislation is being brought forth in an attempt to better manage the privacy of consumer data. Below is the week’s rundown of GDPR topics worth checking out.
1. A Rear View of GDPR: Compliance Has No Brakes
With a year of Europe’s General Data Protection Regulation under our belt, what have we learned? Pragmatically, the GDPR will serve as a catalyst for a new wave of privacy regulations worldwide — as we have already seen with the California Consumer Privacy Act (CCPA) and an approaching wave of state-level regulation from Washington, Hawaii, Massachusetts, New Mexico, Rhode Island, and Maryland.
GDPR has been a boon for technology vendors and legal counsel: A Price Waterhouse Coopers survey indicates that GDPR budgets have topped $10 million for 40% of respondents. A majority of businesses are realizing that there are benefits to remediation beyond compliance, according to a survey by Deloitte. CSOs are happy to use privacy regulations as evidence in support of stronger data protection, CIOs can rethink the way they architect their data, and CMOs can build stronger bonds of trust with their customers.
By: Daniel Barber, Published on Dark Reading
2. Will the US Adopt a National Privacy Law?
As we approach the one-year anniversary of Europe’s General Data Protection Regulation (GDPR), Congress is again considering whether the United States should join Europe (and most major economies) by adopting some form of national data privacy and security regulation. In February, the House and Senate each held hearings on data privacy, and for the first time in years, there appears to be at least some interest among the different stakeholders for national legislation.
Why Are We Talking About National Privacy Regulation Now?
Until recently, one major factor preventing a serious discussion about a national privacy law was the almost uniform opposition of Silicon Valley and the large tech companies. These companies were concerned that data privacy regulation would inhibit their ability to monetize the data they collect and prevent further innovation in the information sector.
By: Seth P. Berman, Published on Dark Reading
3. 15 GDPR Probes in Ireland Target Facebook, Twitter, Others
Ireland’s privacy watchdog has its eye on Facebook. Of 15 major investigations that the Data Protection Commission has underway, 10 focus on the social network. All of the investigations have been launched since the EU’s strong new privacy law, the General Data Protection Regulation, went into full effect on May 25, 2018.
“In 2018, the DPC opened inquiries into data-processing activities of Facebook, Apple, Twitter, LinkedIn, WhatsApp and Instagram, looking at issues ranging from large-scale data breaches to legal bases for processing to transparent presentation to users,” the DPC says in its annual report for 2018 released on Thursday. “All these inquiries should reach the decision and adjudication stage later this year, and it’s our intention that the analysis and conclusions in the context of those inquiries will provide precedents for better implementation of the principles of the GDPR across key aspects of internet and ad tech services.”
By: Mathew J. Schwartz, Published on InfoRiskToday.com
4. California Consumer Privacy Act: 4 Compliance Best Practices
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
The California Consumer Privacy Act (CCPA) — the toughest privacy law in the United States — will go into effect January 1, 2020, with enforcement beginning no later than July 1, 2020.
The CCPA, like the existing EU General Data Protection Regulation (GDPR), broadly expands the rights of consumers and requires companies within scope to be significantly more transparent about how they collect, use, and disclose personal information. For compliance leaders, such as chief privacy officers (CPOs) and data protection officers (DPOs), the act represents an opportunity to operationalize privacy and make it a strategic priority for gaining competitive leverage.
By: Chris Babel, Published on Dark Reading
5. Benefiting from Data Privacy Investments
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
Most companies in the survey reported having a data breach in 2018, but fewer (74%) of the GDPR-ready companies were affected. In comparison, breaches struck 80% of the firms that are less than a year from GDPR readiness, and 89% of the ones that still have a long way to go before they fully comply.
That’s not all. Not only were the most GDPR-ready companies hit less often; the impacts of the breaches they did experience were smaller — an average of 79,000 records, as opposed to 212,000 for those that are least GDPR-ready. The system downtime for the most-prepared was also significantly less (6.4 hours versus 9.4 hours). Of these firms, only 37% suffered data-breach losses of more than $500,000, while 64% of the least-prepared companies lost at least that much.
By: Marc Wilczek, Published on Dark Reading