What happens next?
Unfortunately for businesses with U.S.-only consumers, delaying compliance is still a risk. The California Consumer Privacy Act (CCPA) has already been passed. California law tends to be a harbinger of things to come—in 2003, the state passed the nation's first breach disclosure law. While there is still no federal law on breach disclosures, it mandated the disclosure of breaches involving 500 people or more, and there are more than 40 states with disclosure laws on their books (thanks to federal inaction).
Given GDPR, the recent Facebook mess, and the other massive data breaches in 2018 alone, it’s possible that CCPA and GDPR are just the beginning of what will eventually become a global standard for data protection. Why? Business. The pressure is ever-increasing to protect data, meaning we are likely to see an uptick in individual state data protection laws here in the U.S. and more outside the U.S. and the EU.
Companies will find it cheaper to comply with one global policy that mimics GDPR instead of having to comply with a mishmash of more than 40 inconsistent state laws and GDPR (not to mention other countries’ laws). So, despite GDPR applying to only EU residents, and CCPA applying to only California residents, the types of restrictions on data acquisition, storage and sharing are likely to become an international business problem, not solely a European one.
Do these laws actually make the internet a safe place?
These laws were designed to make companies more aware of what consumer data they have, where they keep it, and how they can be more responsible with it. The most obvious result of these privacy laws, however, is encouraging transparency and information about how/when/where data is used and stored so the consumer can be more responsible with sharing their data—at least for now. In fact, according to a study conducted by researchers at the Ruhr-Universität Bochum, Germany and the University of Michigan, Ann Arbor, USA, since GDPR went into effect, the most notable change has been “the rise of cookie consent banners, which now greet European web users on more than half of all websites, informing about the websites’ cookie practices.” They go on to note that “While seemingly positive, the increase in transparency may lead to a false sense of privacy and security for users.”
What about StrongKey?
Worth the wait
We are very aware that GDPR went into effect back in May, and it is now September. The reason we are behind the curve on GDPR compliance isn’t because we wanted to delay the inevitable but rather because we wanted to get it right. We re-evaluated our company policies as a whole and decided to wipe the slate clean.
StrongKey only wants prospect or partner data available to us for business decisions and content development intelligence (with explicit consent, of course), and we keep our customer data stored securely onsite for internal use only, with highly controlled access. Your data security is the most important thing to us, so we feel comfortable knowing we are working toward a GDPR- and CCPA-compliant system with policies in place to keep it that way.
To our customers, prospects and partners, we hope this gives you a stronger sense of security. To any other businesses struggling to comply with GDPR or CCPA, we hope this encourages you to move forward and protect consumers’ data, the right way. We are always happy to provide a free security assessment.