By Rishi Sharma
In the past few days, you must have received numerous emails from various websites regarding their actions to comply with the EU’s General Data Protection Regulation (GDPR). The GDPR limits the export of data of individuals residing within the EU to a database that is located outside the EU. In simpler terms, any EU individual’s data must remain within the EU. Among many firms, tech giants Facebook and Google are under a lawsuit for violation of the GDPR.
Being websites with servers located in various regions of the world, these firms are facing difficulty in complying with the GDPR. The costs of compliance are reportedly very heavy. Companies will be spending lots of money to write the procedures, train staff, and verify information. Furthermore, companies with over 250 members of staff, which is the case for Facebook and Google, the company would be required to hire or train a Data Protection Officer. The International Association of Privacy Professionals and EY have drawn an estimation that Fortune Global 500 companies will pay 7.8 billion USD to prepare for the new rules.
Starting 1 June 2018, European data regulators will begin imposing fines of upto 4% of annual sales or 25 million USD, whichever is bigger, each time a company violates the GDPR. For Facebook and Google, this translates into billions of dollars in fines.
Facebook chief executive officer Mark Zuckerberg stated that Facebook will update is privacy policies to comply with the GDPR. Google told CNN that its staff is committed to developing the privacy policies to be in compliance with the GDPR. Both companies, as of yet, have not done so.
“There is no grace period,” says James Dipple-Johnstone, a member of UK’s data protection authority so Facebook, Google, and other firms must ensure that they have fulfilled the requirements of the GDPR by 1 June or else, they will be subjected to heavy fines.