The General Data Protection Regulation, (“GDPR”), is celebrating its 5th anniversary! So we are taking the opportunity to take a fresh look at the impact of GDPR, both within the EU and beyond. In particular, this article will consider the impact of GDPR on the tech industry and the resulting importance of investing in data governance.
In the EU
The impact of GDPR in driving compliance and innovation within the tech industry is very evident. Data protection regulators are empowered to enforce guidelines and impose fines on companies that neglect to comply with personal data processing standards. This newfound empowerment has drawn the ire of regulators toward tech giants like Meta, Amazon, and Google. This year Meta incurred the largest fine to date amounting to €1.2 billion. Similarly, Amazon faced a significant fine of €746 million in 2021, while Google has been hit with multiple penalties since 2019. These penalties have underscored the intensified scrutiny faced by tech companies, and the growing imperative to reach compliance.
The reverberating effect of GDPR has led to the enforcement of privacy rights by more individuals. Several non-EU countries have also accelerated the process of tightening their data protection and privacy regulations. Across Europe there have been additional moves to enforce and extend GDPR. The Court of Justice of the European issued the Schrems II , which decided that Facebook's data transfer to the US was not compliant with GDPR. The French agency CNIL has also been actively enforcing GDPR with hefty fines. Additionally, EU regulators are turning their attention to everything from IOT to AI. It seems that within the EU, GDPR and its related rulings are only gaining in momentum.
But what about outside of the EU?
GDPR by its very nature is global in scope. The extraterritorial reach of GDPR means that the regulation applies not only to organizations located within the EU but also to organizations outside the EU that process the personal data of individuals within the EU.
To really understand how it might be impacting companies outside of the EU, we need to understand The Brussels Effect. From this vantage point, GDPR is not just a regional regulation, but the start of a global tightening of consumer data protection that is set to intensify.
The Brussels Effect refers to the ability of the EU to influence the rules and regulations of other countries and impact their citizens' lives through market mechanisms.With this, a single country (in this case Belgium), has been able to globalize their policies because of the sheer multinational nature of business and the significant clout that the EU wields on a global basis.
What is perhaps more interesting is that the Brussel’s Effect has led to a ratcheting up of other similar regulations across the globe by other nations. For example, following GDPR, we have seen the emergence of APPI in Japan and CCPA in California.
- GDPR is spreading due to the Brussel’s effect
- GDPR has influenced multinational companies' data protection practices towards other citizens who are not covered by the GDPR
- There has also been a notable spillover of similar regulations in other countries thanks to GDPR
The post Brexit promise has been a UK that is free from its pro-regulation neighbor. For now the UK has adopted UK GDPR which is strikingly similar to the EU regulation. The ruling party has pledged that GDPR would be scrapped in favor of new UK data protection laws, suggesting that new laws will have less stringent regulation. This may lead many companies in the UK to think that GDPR is just a temporary annoyance, and not worth investing in. However, as the EU remains its most important trade partner this may not be the case. Furthermore, with Brexit, the EU lost its most powerful pro-market voice so we might see the remaining member states imposing more stringent rules.
Investing in data governance unlocks growth
For most companies customer data is at the heart of everything they do. These regulations have come at a time when companies are investing more in technologies that drive insights around customer experience, not less. But while gathering customer insights can be challenging in light of GDPR, Forbes highlights that there are also opportunities for those companies gathering these insights, provided they are willing to invest in data governance.
What is data governance?
Data governance is the process of managing an organization's data assets through policies, standards, and rules. It ensures that data is accurate, reliable, and accessible while complying with legal and regulatory requirements. To achieve effective data governance, organizations typically use a framework that outlines the processes, policies, and standards for managing data assets. The framework provides a structured approach to data governance and helps organizations establish best practices for collecting, storing, using, protecting, and sharing data.
Effective data governance also promotes collaboration and communication among different departments within an organization, leading to more seamless integration of data and better overall performance.
Data governance does not usually inspire a lot of enthusiasm. However, investment in good data governance and enablement can not only help organizations navigate GDPR, but truly grow and thrive.
The benefits of good data governance
- Increased efficiency and productivity
- Better risk management
- Compliance with legal and regulatory requirements
- Enhanced data quality
- Better decision making to impact top-line growth
GDPR's enforcement has led to increased compliance and innovation within the EU tech industry, with hefty fines imposed on major companies. The extraterritorial reach of GDPR has influenced data protection regulations worldwide, creating a global tightening of consumer data protection. This "Brussels Effect" has led to the emergence of similar regulations in other countries. In the UK, although there are plans to replace GDPR with new data protection laws, investing in GDPR compliance remains crucial due to the EU's influence and the importance of EU trade. Investing in data governance is essential for organizations to navigate GDPR successfully and unlock growth opportunities. Effective data governance ensures data accuracy, reliability, compliance, and better decision-making, driving efficiency and productivity. Prioritizing data governance is a strategic investment for long-term success in the digital era.
For more guidance on how Amplitude can help you meet data privacy requirements, contact us here.