While one of the primary goals of the GDPR is to harmonize data protection laws across the EU, there are over 50 provisions, which allow GDPR derogations by Member States.
Data Protection
Certain types of personal data are very valuable to criminals, and can be very damaging to an individual or business if it falls into the wrong hands. As the world becomes more digital and more connected, more of this sort of data is generated and passed between various sources on a regular basis.
Government regulations and supervisory authorities aren’t just about keeping irresponsible parties in line. They also provide vital security guidance to every type of organization that handles sensitive personal, business or government information.
Data protection regulations also ensure that the end user has a transparent view of and a say in the processing of personal data. These safeguards play a significant role in everything from the preservation of civil rights to ensuring that democratic institutions function properly.
Some types of personal data are clear candidates for regulation: medical records, banking information, national ID numbers and so on. But some of these regulations also cover items that might seem relatively innocuous at first glance: home addresses, email addresses, website profile information and so on. For example, the European Union General Data Protection Regulation (GDPR) has stipulations about anything that is unique to an individual to include phone numbers and social media accounts. People have varying levels of privacy preference with these items, but they are often protected by regulation because they can be used for targeted scams and attempts at identity theft.
Given that regulations often take the size and customer count of businesses into consideration in terms of penalties and the scope of protection of personal data, compliance is particularly important for enterprise-scale organizations. You do not necessarily have to have an active business presence in a country or region; simply storing data on or moving it through servers there may subject you to their data protection rules.
CNIL has hit Apple's App Store with a fine of €8 million over its ad personalization practices, taking it to task for not properly collecting consent and making the process of opting out too indirect.
Germany set a new precedent with an antitrust ruling against Facebook, forcing the company to make major changes to their data collection practices – German users are to be given a greater degree of notice and choice in how their data is used.
Companies should have an automated, accurate and scalable technology solution to handle a potential mountain of Subject Rights Requests (SRRs) when CCPA comes into effect.
China’s new GDPR-style data protection law does almost nothing to curb the state's unfettered access to data stored within the country, but does sharply limit the ways in which tech firms can handle and share it.
Those little automated data tracking mechanisms are subject to special treatment, consent, opt in and opt out requirements. Have you properly accounted for cookies for GDPR and CCPA?
New York is the next state following California to develop its own New York Privacy Act which even though largely similar to CCPA, will still include notable exceptions that companies should be cautious of.
Just about all of the big names in tech have now faced issues with EU regulations, but Meta has been unique in its insistence in not being subject to GDPR user consent requirements. Its ad-free service model is under fire once again.
Even seemingly innocuous “free” tools can cause data privacy problems, as a company out of Germany has found out. The company has been ordered to pay a small GDPR fine due to its use of Google Fonts.
Selling customer data such as banking records, vehicle registration and mobile phone usage is big business in China. Recent data theft of 130 million clients of Huazhu Hotels Group saw the stolen payment and contact information going for about US$56,000.









