The GDPR has gained a ton of attention recently as consumers’ inboxes have been packed with emails from companies concerning their privacy policies. While some of these emails may require action on the part of the consumer, Hilary noted that most of them simply outline the companies’ updates to their privacy policies as a result of the GDPR coming into effect.
On a more general level, Hilary explained that the new regulation requires a number of things: companies will need to ensure they are managing individual rights more broadly (Articles 15-22); companies will need to have much stronger transparency protections in place (Articles 5, 12); and they’ll need to inform people about their lawful basis for processing individuals’ data (Articles 13, 14).
So how does this affect companies and consumers in the US? Hilary noted that many of the US companies TrustArc helps are proactively expanding these protections to the US citizens they interact with, even though they are not required to do so under the GDPR. She also explained that it’s unlikely that we will see any large privacy regulations in the US like the GDPR, because of the way our government is structured. The US does not have a single regulator for privacy laws, but instead has sectoral laws, such as healthcare privacy laws, financial privacy laws, and state laws.
Many are asking whether the GDPR is harmful to retail businesses that rely heavily on advertising and marketing. The GDPR allows companies to be innovative in different ways. Businesses should be thinking of privacy as a business strategy instead of just privacy policies or practices. Hilary mentioned the benefits of businesses taking a Privacy by Design (Article 25) approach in the way they interact with customers, making privacy a part of business decision-making and part of technology offerings.