Jan 21, 2019
“Doublethink”, a concept defined by George Orwell as the simultaneous acceptance of two mutually contradictory beliefs. Now 70 years after 1984’s publication, new data regulations ask us to consider a premise that Orwell most of all could appreciate: Privacy equals control.
In April of 2016, The General Data Protection Regulation, otherwise known as GDPR, was passed by the European Union Parliament. Intended to put power over personal information back into the hands of the individual, GDPR also propels organizations to tighten their grip on enterprise data, personal and otherwise.
No business regulation in recent memory has loomed so large or appeared so daunting to multinational enterprises as GDPR’s four percent of global annual turnover penalty. One board member affectionately refer to it as the God Damn Privacy Regulation. The ramifications of this law may echo for years to come.
Now over two years after being passed and five months after going into effect last May, we’re finally starting to get a hint of potential sanctions, including an investigation into Facebook by the Irish Data Protection Commissioner for a recent data breach. European Data Protection Supervisor Giovanni recently alluded to potential fines by the end of the year as well.
While GDPR remains the most formidable, other countries have followed the EU’s lead with their own flavors of privacy regulations, including Brazil, India, and several US states.
Challenging Requirements and Steep Sanctions
The challenging new requirements coupled with steep sanctions cast a shadow on a significant cross-section of functions at multinational corporations, requiring synchronization across IT, records management, legal, compliance, and information management. These requirements have compelled the implementation of new technologies and business processes designed to index, identify, analyze and control the use and retention of all enterprise data.
While the promise of better management and protections afforded to personal information is appealing, a key point is often missed: The technologies and processes necessary for compliance facilitate a degree of intrusion into personal data on a scale that is unprecedented.
Please visit Toolbox to read the full article.
Click here to download the PDF version.