The hype surrounding GDPR has far from settled. It has shaken up businesses, causing them to rush to meet the new demands of data rules in order to avoid being slapped with the ultimate penalty of a fine worth 4% of annual global turnover or €20 Million (whichever is greater). And the effect of GDPR is not limited to the EU.
Across the world, businesses have been preparing for how they will be impacted by this new paradigm shift in data management. Lexology, a website that delivers the most comprehensive source of international legal updates, analysis and insights, has recently published an article giving government guidance for Chinese businesses on GDPR compliance. Meanwhile, across the pond in the US, businesses are also ready for change in reaction to GDPR. However, GDPR might become a distant memory in light of a US version of the EU’s new data laws.
According to Business Insider, Democrats have reportedly drawn up plans to slap big tech firms with privacy laws similar to GDPR in the EU. The website states that Senator Mark Warner’s office has proposed ways for US policymakers to bring big tech inline following Russian interference in the 2016 presidential election. This coincides with a recent LinkedIn post titled “America’s GDPR? Seven workstreams to implement California’s CCPA.”
To get a better idea of what this might look like and how it could impact the US, we spoke with Mircea Patachi, Co-founder and CEO of Clym, a Consent Lifecycle Management tool that helps you meet data protection obligations, who said “On June 28th 2018, California passed the California Consumer Privacy Act of 2018 (“CCPA”), one of the toughest privacy laws in the US at the moment. This happens only one month after the EU General Data Protection Regulation (GDPR) was enforced, raising the inevitable question: will the US have its own GDPR sooner or later?”
He adds “We believe a change in privacy laws worldwide is inevitable. The GDPR was the first step, and now, through the CPPA, we see the first efforts of a US state to improve privacy laws. The Privacy Shield has many issues, with most EU representatives agreeing it is not a long-time solution for US companies. The only logical solution at this point is a new privacy law in the US, that would be aligned to the EU’s GDPR. The next 2-5 years will be defined as to what happens in this area.”
Clearly the US is on track to follow in the footsteps of the EU, however, what this privacy law might look like is unknown, only time will tell. All we know for sure is that business will ultimately scramble to keep up in order to ensure they are not hit with a fine, giving us, the users, more security and protection.