May 29 2018

GDPR privacy and data protection – the new global standard?

As of Friday, May 25th, European Union regulators began enforcing the General Data Protection Regulation (GDPR). In case you haven’t heard of GDPR, or not noticed the recent multitudes of privacy policy emails in your inbox from third-parties, GDPR is an EU privacy and data protection law that provides for greater control over EU residents’ personal information, and requires organizations to safeguard that information handled in their systems.

To many privacy advocates, GDPR has been hailed as the privacy standard for governments and businesses located outside of the EU to follow as well; however, some business have been hesitant in adopting these GDPR provisions, and, it seems, not because of the operational burden and costs to comply (see Facebook).

In a major announcement last week, Microsoft committed that they will be extending their GDPR obligations to everyone in the world, not just EU residents.

This may seem uninteresting, but Microsoft – and Apple – appear to stand alone on the side of strong privacy among US tech giants. Apple has been viewed by some as a red-headed stepchild, but Microsoft will turn more heads, and could start a domino effect.

There’s little doubt that Microsoft learned in the 1990s not to fight regulators, a lesson that Facebook gives the impression they’re still learning. The tide should influence your business model, not the other way around.