Experts praise GDPR’s five-year milestone

The GDPR, which took effect five years ago on May 25, has had an impact on US data protection laws and is likely to assert itself even as artificial intelligence poses new data protection challenges.


The General Data Protection Regulation is basically focused on the right to privacy – giving people the source of their data – and it allows individuals to dictate how companies, including data brokers, use their personally identifiable information.

The GDPR – the European Union-wide data protection regulation – has an extraterritorial scope, meaning that platforms and websites outside the EU that handle traffic related to the identity information of people within the EU must also comply with the guidelines of the directive.

The largest monetary consequence of this provision so far has been a $1.3 billion fine for Meta and an order to stop the processing of European Union user data in the United States.

As Cookiebot’s consent management platform explains, the laws of the GDPR require that before processing personally identifiable information, a website that interacts with visitors within the EU:

  • Ask users for clear and unambiguous consent.
  • Define in an easy-to-understand manner the cookies and other tracking technologies that are present and operating on your pages, allowing users to consent and withdraw consent for each category of cookies.
  • Be able to securely and confidentially document each user’s consent and be able to regularly request renewed consent.

Experts praise the GDPR, but say more is needed

Several experts weighed in on the benefits of GDPR at WithSecure’s Sphere23 event in Helsinki, Finland.

“The European Commission is criticized for a lot of things, but GDPR is the one thing where you can hold your head up and say, ‘We led the world on this.’ According to regulatory milestones, this is the equivalent of climbing Everest. And it seems to be working as other jurisdictions are following suit,” said Paul Brucciani, cybersecurity consultant at WithSecure.

He noted that the fragmentation of the internet, driven by the pursuit of digital power, has created complexity that the EU has addressed with GDPR and is applying to new technologies. “For example, artificial intelligence is the next big area to be regulated, and the EU has once again stepped forward with the proposed AI Act, a legal framework that aims to be innovation-friendly, future-proof and flexible. It bothers me,” he said.


Sylvain Cortes, vice president of strategy at Hackuity, says it’s a good start, but not enough.

“Compliance is essential, but we encourage organizations to take the opportunity to think beyond the basic requirements to create a culture of continuous cyber improvement,” he said. “It is important to remember that achieving compliance should not be treated as an ‘exam’ with the ultimate effort to complete annual or quarterly audits. The goal is to achieve more than the minimum requirements and move away from a tick-box mindset. GDPR compliance is necessary, but not sufficient for modern organizations,” he added.

Waves of influence outside Europe (in the United States)

While the United States lacks national privacy laws, eight states have so far enacted either comprehensive privacy legislation or more limited or tailored legislation that empowers consumers to choose how their personal information is marketed. These include:

Maine, Colorado, Utah, Iowa, Indiana and Connecticut are also on a growing list of states that have comprehensive or individualized privacy laws. Similar bills await governors’ signatures in Montana, Texas and Florida.


Jeff Reich, managing director of the Identity Defined Security Alliance, said that these laws and other future laws are due to GDPR.

“The rock in the pond that is GDPR continues to create ripples that affect everything in the area,” he said. “Seven years after the adoption of the GDPR, five years after the start of implementation, it is difficult not to see the results of the regulation to this day. Traders and salespeople know what to do, even if they don’t yet know how to do it. The best behavior change happens with consumers.”

He said the biggest long-term benefit may be consumers’ ability to recognize the value of their identity and the security that protects their personal information.