Since 2018, the General Data Protection Regulation (GDPR) has been on everyone’s lips – and for good reason. It’s the gold standard for consumer protection. While privacy laws present challenges to enterprises big and small, we can’t escape the reality that consumer data is constantly mined and sold. If you have customers in the European Union, or if any of your data passes through the EU, it’s subject to GDPR requirements, such as data minimization, storage limitations, data security, and accountability.
What strikes fear in people’s hearts are the fines; for severe infractions, they can be up to $20M or 4% of annual turnover, whichever is greater. In 2021, total penalties were seven times greater than in 2020, with the bulk of that coming from record fines for Amazon (€746m or $827M USD) and WhatsApp (€225m or $249M USD). While both companies are appealing these decisions, the legal battle will likely be long and costly. (If you want to read more scary stories, learn about the 25 biggest fines to date.)
In addition to the financial risks, there are also reputational risks to consider. Violations of any size turn into stories about abusing consumer trust and recklessly sharing personal data – just look at British Airways’ data breach in 2018. In addition to a $26M fine, the CEO publicly apologized and their stock took a dive as they attempted to rebuild trust with their customers.
Finally, decisions such as Schrems II could completely alter the way multinationals do business in the EU or with EU data. For instance, Facebook has been threatening to pull out of the EU altogether, though that remains to be seen. Most recently, on March 25, 2022, the US and the EU announced an agreement-in-principle to address the flaws of Schrems II, leading some to wonder if we’re headed to a Schrems III. What’s clear is data privacy laws are evolving. Companies need to evolve with them.
Again, GDPR is an important policy – data collection is constant, which means consumers should have a say in what can be collected, what happens to that data, and how that data is protected. As the strongest consumer protection to date, GDPR provides a model for others to follow; for instance, the UK’s privacy laws are essentially a carbon copy.
To support GDPR compliance at your organization, learn more about Cribl Stream, which will help you reduce the chance of fines and reputational hazards. By limiting what data you ingest, you’ll limit potential risks. Cribl Stream’s masking functionality could make the difference in avoiding a massive fine and a loss of customer trust.