In May 2018, the European Union launched the General Data Protection Regulation (GDPR) to control the usage of consumer personal data by EU and non-EU organizations.
Viviane Reding, former VP of the European Commission said during its launch that the “reform will restore trust in digital services today, thereby reigniting the engine for the growth of tomorrow.”
Despite that, stakeholders were still skeptical about the implementation of GDPR. Businesses were concerned about the associated costs and compliance due to the law’s ambiguity. Till now, concerns remain regarding the law’s negative impact on business growth and innovation. However, GDPR enforcement has also led to positive impacts as well.
ALSO READ: How to Comply with GDPR? 10 Crucial Tips to Follow
Impact of GDPR on a Global Level
So far, GDPR has made significant improvements in awareness, monitoring, governance, and strategic decision-making with consumer data. Companies are also taking security and privacy concerns pretty seriously to avoid the risk of paying out heavy fines or incurrence.
On a global level, GDPR has pushed data privacy to the front. Today, more than a hundred nations have established privacy standards.
For example, South Africa brought the Protection of Personal Information Act (POPI Act) in July 2020. Australia has been complying with the Privacy Act since 1988 but recently made changes reflecting GDPR regulations.
Impact of GDPR on America
GDPR enforcement has led many U.S. state legislatures to focus on protecting consumer data privacy. Here are a few examples of the regulatory bodies that have introduced several measures to protect data privacy.
-
Colorado
The CCPA or Colorado Consumer Protection Act makes it mandatory for every private or public company to store the personal information of Colorado residents under the data protection policy. As for the policy, each agency is bound to possess a breach notification system and must destroy data if no longer needed.
-
Massachusetts
The Commonwealth of Massachusetts is one of the U.S. states having the strictest data protection laws. It states that any organization owning or licensing consumer personal information must create, execute and maintain a complete data security program.
-
California
The California Consumer Privacy Act (CCPA) was enacted in 2018. It focuses on protecting consumer data right from its point of collection.
-
Nevada
The Nevada Law was put in force in 2015. It states that any consumer’s personal information must be encrypted to ensure privacy. The law only applies to businesses owning or licensing data of Nevada residents.
Final Words
While the GDPR did change the behavior of a few U.S. companies and provide countries with a privacy law template, its approach is still not replicated in global regulations. Businesses today are getting rid of personal data they’ve stored and maintained instead of adapting to the GDPR norms and regulations.
Some are refraining employees from accessing personal information while some are limiting the use of EU citizens’ personal data. However, countries like Japan, Australia, South Korea, China, and Brazil have already changed their privacy legislation as per the GDPR.
GDPR enforcement has gradually improved the privacy and security practices of companies. However, regulators are still struggling with regional consistency and matching resources to the growing requests. This indicates that it will take time to achieve harmonization in the region.
