Unless you’ve been living under a rock, you’ve probably heard of the General Data Protection Regulation (GDPR). In fact, you’ve probably received so many emails about the update in May that the mere mention of it makes you shudder. However, many consumers and, more worryingly, businesses still have a limited understanding of what exactly has changed and how it affects them.
Overview of GDPR
The purpose of the GDPR is to standardize data protection laws and impose new rules on how personally identifiable information is controlled and processed. EU lawmakers have been negotiating GDPR rules and regulations for the past three years; however, it finally came into effect in May 2018, replacing the EU Data Protection Directive of 1995.
The regulation affects all 28 countries in the EU and applies to all businesses that hold and process the personal data of EU residents, regardless of where the business is geographically located.
In the future, it’s likely that U.S. legislation will undergo a similar overhaul.
Some of the primary features of this regulation include:
- Increased fines for breaching regulations.
- Mandatory breach notifications in all member states where a data breach could “result in a risk for the rights and freedoms of individuals.”
- It will be as easy to withdraw consent as it is to give it. Terms must be clear and distinguishable and provided in a form that is intelligible and easy to access.
- Responsibility for data transfer outside the EU.
Many companies have responded positively to the new GDPR regulations. For instance, Microsoft announced that it will be committing to the GDPR guidelines for its customers all over the world, not just in the EU.
Effects on Retailers
The GDPR has had a huge impact on businesses, as it forces them to change the way they collect, store and use data from their users. The fines for breaching GDPR laws are huge and if a business fails to comply, it can be fined as much as 20 million euros or 4 percent of its total global revenue, depending on which is larger.
After many years of being able to harvest as much data as they’d like from users, many companies are struggling to overhaul their business practices. For many smaller companies, however, this is a very welcome change.
Now, by denying large companies the opportunity to collect and exploit their customers’ personal data, smaller companies are in a better position to compete with retail giants like Amazon and Apple, who can afford to wade through and process vast amounts of data.
Blockchain Increases Data Privacy
Despite the recent attention that has been given to the rise and fall in the value of cryptocurrencies, very little thought has been given to the impact that blockchain technology can have on the data rights and privacy of users.
Shopin, for example, is the world’s first decentralized shopper profile built on the blockchain. The company gives users full control of their complete purchase data and puts users’ rights to own their data the very center of its business model. Additionally, users are given free reign to share their purchase and behavioral information with whomever they’d like, and they’re rewarded for doing so.
The data is stored on a decentralized, publicly accessible network in an encrypted format, which makes it inaccessible to anyone other than the owner of the private keys. As a result, this gives users complete control of their own data while rendering it unnecessary for corporations to store it.
Long-term, no one quite knows what will happen. However, one thing is for sure: The implementation of GDPR is only the beginning.
Over the next several years, companies are likely to witness a flurry of new processes that they will be required to follow if they want to keep their head above water. For instance, EU’s ePrivacy Regulation (ePR) is another proposal set to come into effect sometime in 2019.
Despite the challenges these increased regulations present for some retailers, they open up a whole new realm of possibilities for blockchain companies.