What is GDPR? How it Impacts Different Industries?

Over the last years, data breaches have gained widespread attention as businesses become increasingly reliant on digital data, cloud computing and remote working.

Data breaches expose sensitive information that often leaves the exposed individual or the company at risk of identity theft, business loss and reputational damage.

According to a recent study by Ponemon Institute and IBM, the global average number of data breaches stood at 24,615 per country in 2018, up by 2.2% from 2017. Around 31,465 records were breached in the US during the 12 months of the study review.

Thus, compliance and regulations emerged as the need of the hour to ensure information security.

Global countries are creating laws and regulations to provide guidelines for companies and organizations to protect their citizens’ data and privacy.

The European Union’s General Data Protection Regulation (GDPR) is one such game-changing data privacy regulations that the world has witnessed in years.

GDPR, which came into effect on May 25, 2018, pressed every business, government and public sector entity to adequately protect, process and store information of EU residents.

Any business that processes or handles EU citizens’ data within EU states must adhere to GDPR even if they don’t have their presence within Europe.

Businesses are subject to GDPR if:

  • They have a presence in an EU country
  • They have more than 250 employees
  • They process personal data of European residents
  • They have data processing methods that affect the rights and freedom of data subjects

GDPR Covers the Protection of Following Data

  • Personal information including name, address, DoB
  • Web-based information such as location, IP address, cookie data, and RFID tags
  • Biometric data
  • Health and genetic data
  • Political preferences
  • Sexual orientation
  • Racial, culture or ethnic data
  • Financial information
  • Social media data

With GDPR, consumers now have the right to allow or restrict businesses to access their information. Moreover, GDPR calls for the ‘Right To Be Forgotten’ concept, where Individuals can demand permanent deletion or erasure of their data.

As almost all businesses participate in the processing of personal data in one or more processes, all organizations across industries are obliged to adopt procedures, policies and systems to become compliant with EU GDPR.

A recent survey by PwC revealed that 92% of the US-based companies consider GDPR as a top data protection priority. In fact, 68% expect to have spent USD 1 million to USD 10 million for GDPR compliance, while 9% are willing to pay more than USD 10 million.

Besides introducing many revolutionary data regulations, GDPR proposed hefty penalties if companies failed to comply with the new regulations. Organizations will face a fine up to EUR 20 million or 4% of their global revenue, whichever is higher.

Over the last year, GDPR has significantly impacted the industries globally, irrespective of region, size and service offerings.

Let’s find out the top industries that are most affected by GDPR

1) Social Media Platforms

Social Media Platforms Security

Social media marketing is one of the most affected industries by GDPR. The social media and online communities are pressed to fully disclose and make it clear to the users how their personal information is gathered and used. Moreover, the marketers are also obliged to receive full consent from the users to utilize their data.

GDPR made it harder for social media companies to track customer information and behavior for systematic targeting and profiling.

Recently, Facebook faced a USD 652,000 penalty from the UK’s Information Commissioner Office (ICO) in the Cambridge Analytica scandal that involved unauthorized access to personal data of around 87 million users.

This is where GDPR comes in.

Now, social media marketers must obtain explicit consent from customers to process personal information for the purpose of social media advertising.

2) Financial Services

Financial Services Security

Banks and financial institutes collect vast amounts of customer data, which is used for various activities such as client onboarding, customer relationship management and accounting. During these activities, customer data is exposed to a large number of different people and third-party vendors.

With the implementation of GDPR, these financial institutes are compelled to comply with proper visibility protocols that allow customers to access their data directly.

The banks and financial companies are liable to present information safely and reliably whenever they demand to see their relevant data.

Moreover, the financial industries are incited to deploy convenient and easy-to-use tools to facilitate customers with complete control and accessibility.

3) Ecommerce

Ecommerce Security

No industry has felt the force of GDPR more than the online retailers and businesses.

The e-commerce industry is on the front line of GDPR because of the connected nature of modern retail services.

Online shopping websites that track customer identity for advanced metrics, proper targeting or even customization based on past purchases are at risk due to GDPR.

According to the study ‘Regulating Privacy Online: The Early Impact of GDPR on European Web Traffic and E-commerce,’ e-commerce revenue decreased by 8.3%, page views fell by 9.7% and website visits dropped by 9.9% due to GDPR.

4) Technology Sector

Technology Sector Security

The implications of GDPR on IT companies that provide software products and services are enormous. The IT firms are compelled to revisit their business processes that deal with PII (Personally Identifiable Information) and assess the level of compliance with GDPR.

The organizations are pressed to assess their technology platforms and data architecture including various information systems, websites, databases, data warehouses, and data processing platforms to meet the GDPR requirements.

Another challenge faced by the technology companies under GDPR is the need to employ Data Protection Officers (DPOs) and respond to any data breach within the 72-hour window.

Meanwhile, the cloud providers and remote service providers are also supposed to adopt stringent security measures, standards and regulations within their organizations to protect and handle customer data to ensure they remain compliant with GDPR.

5) Healthcare and Medical

Healthcare and Medical Security

GDPR has radically altered the way patient data is managed in the healthcare sector by giving every patient more control over the personal information that is collected and how it is used.

GDPR has proposed ‘detailed patient profiles’ inciting healthcare providers to have more detailed information about their patients, which led to a better and more accurate diagnosis.

However, the ‘right to be forgotten’ aspect of GDPR has contradicted the standard practice for healthcare organizations to retain patient data even after the discharge or death of a patient.

With GDPR, the information can only be kept or stored for a specific length of time alongside limits for how it’s stored as well.

In Conclusion
Achieving sustainable GDPR compliance may sound overwhelming, but it makes the business more efficient, competitive, and secure.

The new regulation has brought about many opportunities for differentiation, strategic advantage, and innovation in a highly competitive marketplace.

Is your company GDPR Compliant? If not, contact Stealthlabs before it is too late.

How Can Stealthlabs Help?

StealthLabs is a US-based IT Security Services and Solutions provider with strong domain expertise. Our offerings include Compliance Advisory Services, Incident Management Services, Identity and Access Management Services, and Managed IT Cybersecurity Services.

With deep expertise in implementing cybersecurity compliance standards, we are serving businesses across various US locations including Texas, New York, California, Florida, New Jersey, and Washington, among others.

Contact Us