You may have notice a ton of website pop-ups recently requiring you to accept their cookie privacy settings. The reason for this is the General Data Protection Regulation (GDPR) that was passed last year. To sum it up in a sentence, GDPR is the largest online privacy protection law ever passed, and it requires companies to ask you before collecting your data.
The law only applies to the European Union, but any company that sells to EU residents must comply as well. Here’s what must be protected:
- Biographical information – name, date of birth, Social Security number, phone number, and email address
- Web data – location, IP address, cookie and RFID tags
- Workplace data – education, salary, tax information
- Private personal data – health, genetics, medical history, racial data, religion, political opinions
Therefore, we have a bunch of companies flooding the Internet with pop-ups like this one asking for consent.
However, some of these pop-ups may have been for naught. Recently, the Dutch Data Protection Authority ruled that a visitor must be able to continue using a website if refusing the tracking cookies policy. Many websites currently do not offer this functionality. As the DPA puts it, “permission is not ‘free’ if someone has no real or free choice.”
Enterprises can’t just put a band-aid on this policy with just one click. Substantial changes to specific processes and technologies may be required. Fines for cookie walls could be coming.
GDPR Stats, One Year In
Speaking of fines, regulators have been lenient so far as everyone gets used to the new policies. The current threat for not complying is a fine of €20 million or 4% of annual global revenues, whichever is higher. So far, only four fines have been implemented:
- German social media service Knuddels.de suffered a hack resulting in 800,000 email mails and 1.8 million passwords leaked. The Baden-Württemberg Data Protection Authority fined the company €20,000.
- A sports betting cafe in Austria was fined €5000 for having their outside video surveillance capturing public areas like streets and keeping personal image data for longer than 72 hours.
- Portugal’s Barreiro Hospital was fined €400,000 because the hospital was unable to “ensure the confidentiality, integrity, availability and permanent resilience of treatment systems and services.”
- In January 2019, the biggest fine, a whopping 50 million euros, was laid down to Google by French regulatory agency CNIL for not disclosing how much personal information was gathered from Google Maps, YouTube, and Google Search.
In a recent survey from the International Association of Privacy Professionals (IAPP), 56% of respondents say they are far from compliance or will never comply.
The time to comply may be now. According to an official GDPR infographic, there’s at least 255 ongoing investigations of cross boarder GDPR violations. Investigations by a regulatory agency is usually triggered by a website visitor complaint, which have been steadying increasing, as you can see from this snapshot from the same infographic:
Whether GDPR is more strongly enforced or not, this is just the tip of the iceberg in an increasingly privacy-focused world.
HostDime is GDPR Compliant
Data centers store sensitive information and play a crucial role in personal data protection. Trusting a data center organization to be GDPR compliant is a necessity.
HostDime uses technical security measures like firewalls, nonpublic facing systems, and mitigation and detection software to prevent the unauthorized disclosure of information under our control. We are always committed to protecting our direct client’s personal data. Several of HostDime’s privacy objectives include:
- Creating a culture of awareness about and protection of sensitive information in our operations, information systems, and everyday work activities.
- Developing trust relationships with clients based on regulation compliance.
- Discovering, reporting, and managing all suspicious activity in breach of our security policies.
- Investigating security breaches, stopping any damage, and repairing any defective cause promptly.
- Complying with legal obligations for reporting breaches.
- Enforcing our commitment to respecting and protecting client’s personal information.
Disclaimer: I am NOT a GDPR expert. Do your own research and/or hire an attorney for any specific questions you may have regarding your enterprise’s compliance and specific GDPR regulations.
Jared Smith is HostDime’s SEO & Content Strategist.