Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    How Enterprises Can Make GDPR a Global Data Privacy Standard

    By
    Wayne Rash
    -
    May 30, 2018
    Share
    Facebook
    Twitter
    Linkedin
      Google GDPR Ad compliance

      For some U.S. companies, the European Union’s General Data Protection Regulation is a source of fear. They’ve heard about the massive penalties for non-compliance. They’ve heard about the complexity of the requirements and they don’t know what to do. In extreme cases these companies are simply blocking all internet traffic from Europe. 

      In other cases it’s about the annoyance of having to deal with multiple standards. They have to write one set of privacy policies for Europe and another set for everywhere else. Worse, they have to comply with multiple sets of legal requirements. 

      But it doesn’t have to be this way. While the GDPR privacy requirements are strict and the penalties potentially huge, companies that are making a good-faith effort to be compliant aren’t going to be severely punished.

      Your company can eliminate the pain of having multiple privacy policies by simply having one that meets global requirements, in other words, by having GDPR compliant practices throughout your company, not just in the parts the deal with the EU. Some big enterprises are doing just that, including no less a global technology giant than Microsoft, which has announced that it’s providing GDPR rights to everyone. 

      “We believe privacy is a fundamental human right,” Microsoft’s deputy general counsel Julie Brill said in her blog on the topic. Brill said that privacy has grown in importance as people spend more time online, and expose more of their personal activities online. 

      “Privacy is also the foundation for trust,” Brill continued. “We know that people will only use technology that they trust.” 

      “That’s why today we are announcing that we will extend the rights that are at the heart of GDPR to all of our consumer customers worldwide,” Brill explained. “Known as Data Subject Rights, they include the right to know what data we collect about you, to correct that data, to delete it and even to take it somewhere else.” 

      Meanwhile, Facebook and Google have also said that the companies are GDPR compliant, although not as explicitly as Microsoft. 

      What’s important about Microsoft’s approach is that the company has settled on one standard for how it protects privacy everywhere in the world. That means that its U.S. customers will get European level privacy, despite the fact that it’s not required under U.S. law. The same is true in all other parts of the world. 

      For Microsoft and for other companies that have any exposure to EU privacy rules, this makes a lot of sense. It costs money to develop multiple standards, it costs more money to coordinate which standards apply where and under what circumstances and more yet to find ways to automate how those multiple standards apply. 

      By adopting the EU’s GDPR, Microsoft only has to support one standard. The cost of developing legal privacy standards for many different places has gone away. Now there’s just one. And because the GDPR is both more specific and broader, it apparently meets the requirements everywhere else as well. 

      This is not to suggest that changing your privacy policies so that they comply with the GDPR is going to be easy or cheap. But the reality is that if your company has a significant presence in Europe, you’re going to have to create GDPR-compliant practices anyway.  But establishing the EU standard for everyone eliminates the complexity of supporting other standards. 

      Unfortunately, as Google and Facebook have found out, just saying that your company is supporting the GDPR isn’t enough. Both companies were sued for GDPR violations on May 25, the day the regulation went into effect. 

      The lawsuits, which would force the courts to impose fines of €3.7 billion and €3.9 billion respectively, say that the companies are not actually meeting GDPR requirements. At issue, according to Austrian activist Max Schrems, the EU citizen who filed them, is the single check box the companies use to accept their privacy policies. The GDPR requires that you have a choice of which policies to accept and that it’s not an all-or-noting choice. 

      On the other hand, Microsoft, which has transparently adopted the GDPR requirements globally has not been sued. 

      What this demonstrates is that it’s possible to have a global privacy standard. However, for your global privacy standard to work, you have to make sure you actually meet the GDPR requirements. 

      Microsoft is helping in this area as well. The company has created a resource that provides sample privacy policies, model clauses and help with complying with the U.S. Privacy Shield. Microsoft has also revised its cloud service so that it complies with the GDPR and it’s provided a compliant version of Office 365. 

      While some might view this effort on Microsoft’s part as a cynical attempt to profit from the angst over the new rules, I don’t see it that way. Microsoft has demonstrated a long commitment to privacy for years and has done battle with an aggressive U.S. Justice Department to protect its customers’ privacy. These aren’t the actions of a company trying to leverage its way into a fast buck. 

      Of course, you don’t have to pay attention to GDPR compliance. If you’re a company that doesn’t seek business in the EU and which rejects contact with that potential community of customers, you’re probably fine. Just be careful that you don’t violate the GDPR in the process.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×