I, along with many others, have written about Europe’s General Data Protection Regulation (GDPR) since it was first introduced in April of 2016, and then implemented in May of 2018. Businesses had a two-year period in which they were to establish proper governance and practices to protect Personally Identifiable Information (PII) they stored and managed.
On July 8, 2019, CNN reported that British Airways is now facing a (US)$230M fine due to a website failure compromising the personal details of approximately 500,000 of their customers. The fine represents about 1.5% of British Airways’ annual revenue. Additionally, the CNN article reports that Facebook, as a result of the Cambridge Analytica scandal, was fined $626,000, the maximum allowed at the time, which was before GDPR was implemented and enforced. As you can see, the difference between then and now is significant.
GDPR is here, it is real, it is being enforced, and the result of non-compliance will be one of great consequence. If you think it does not impact you, think again. Businesses need to take this seriously, as many States are now implementing GDPR-like regulations, and the Federal Government is considering a national version.
From a personal perspective, you should be glad that such a regulation is in force, as it is now pushing businesses more than ever to take responsibility for the information they hold on you, and be held accountable for the inability to do so.