News: Weighing the Impact of GDPR
Communications of the ACM, November 2018, Vol. 61 No. 11, Pages 16-18
By Samuel Greengard
When the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018, it represented the most sweeping effort yet to oversee the way businesses collect and manage consumer data. The law, established to create consistent data standards and protect EU citizens from potential privacy abuses, sent ripples—if not tidal waves—across the world.
GDPR gives European citizens greater control of their data while establishing strong penalties for businesses that do not comply. What is more, any data that involves EU citizens or touches EU companies is covered by GDPR. The initiative replaces an older data privacy initiative called the Data Protection Directive 95/46/EC, which was introduced in 1995.
The implications and ramifications are enormous—and the initiative’s reach is global. GDPR will change everything from the way data collection takes place to the way corporate databases are designed and used. It also will potentially change the way research and development takes place, will impact cybersecurity practices, and will introduce an array of practical challenges revolving around sites and repositories where groups share comments, information, and other data.
How GDPR will play out is anyone’s guess. The initiative could revolutionize the data landscape—or it may fizzle into a footnote in digital history. It could also change the way the Internet works and how data and information flow across sites, clouds, and more.
One wild card is how consumers react to GDPR. If large numbers of people revoke access to personally identifiable information (PII) or challenge the way companies use their data, businesses may reach an inflection point where they will have to rethink the fundamental way they approach and navigate data management, or reevaluate the fundamental value of data and how it is monetized. GDPR also might mandate new tracking and data management tools, such as blockchain.