Assignment task:
The General Data Protection Regulation, GDPR, is a privacy law drafted and passed by the EU that went into effect on May 25, 2018. It imposes obligations on organizations anywhere that process the personal data of EU citizens/residents or offer goods or services to such people (Wolford, n.d.). Its aim is to give consumers more control over their personal information like the right to access or delete their data. Companies that violate GDPR can face serious fines of up to 20 million euros or 4% of global annual revenues, whichever is bigger. In addition, data subjects have the right to seek compensation for damages. For global companies with operations in the E.U, this law means that they must get deliberate consent from users before collecting their personal data and notifying authorities of data breaches within 72 hours (Schulze, 2019).
The GDPR is a harmonized privacy law across EU nations that provides data privacy protections for users. It contrasts clearly against the data protection legislation we have here in the United States which are established by individual states. Enacting a federal privacy law with a strong level of data privacy protection that supersedes those of individual states will provide clarity and harmony on the privacy laws companies must adhere to.
The international presence of many companies is a good reason why a global consensus on privacy law would be ideal. That way, global organizations have a clear understanding of what the privacy law is, and it reduces the complexity in adhering to several policies that are specific to particular regions of the globe when conducting business.
References:
Ben Wolford. (n.d.). What is GDPR, the EU's new data protection law? GDPR.EU.
Elizabeth Schulze [CNBC International]. (2019, May 22). GDPR: Could Europe's massive privacy laws go global? [Video].