It’s fair to say the EU’s General Data Protection Regulation (GDPR) introduced in March 2018 has not been kind to small businesses. And it’s not exactly working all that well for consumers either.
Implementing data privacy laws caused a lot of upheaval and expense for small business owners. Moving forward, the growing threat of hackers is a further concern and expense for business owners, because a data breach is punishable under GDPR.
Data privacy laws are behind the obligation for small businesses to splurge part of their budgets on building adequate cybersecurity defences. The shift in budget allocation means that businesses are not able to grow as quickly as they might if GDPR did not exist.
What’s more, we should be asking whether GDPR is really worth it. Does GDPR really work? According to Wired, no it doesn’t. Data brokers are still compiling consumer information and selling it for profit. You will know this is true because of the unsolicited ads that land in your inbox every day.
Moreover, GDPR was introduced because Google, WhatsApp, Facebook, and Instagram were abusing users’ right to privacy. The tech giants were accused of forcing people to give up their data without obtaining proper consent.
The only difference now is that we give consent in order to use the tech companies’ services. And if we don’t give consent, we can’t use their services. But they are still using our data so that their customers – businesses – can send targeted ads.
Essentially, our privacy is being invaded by companies that have purchased data from Google and Facebook. And how do Facebook and Google make their money?
How GDPR Can Crush Your Business
GDPR administrators have recouped over 2 trillion dollars in fines. At the time of writing in December 2024, it was reported that a total of €2,380,276,317 has been collected.
Firms that are held accountable for a data breach are fined around 2% of the company’s global turnover. However, penalties are calibrated to take into account mitigating circumstances such as whether the cybersecurity measures are adequate in relation to your budget.
However, it’s not the fines under GDPR that cripple a business. It’s the obligation to report a data breach to affected parties.
Reports reveal that 60% of small businesses are forced to close their doors following a data breach. The principal reason for the forced closure is a damaged reputation.
A survey conducted by Thales involving more than 100,000 respondents found that 70% of consumers would not continue doing business with a company that has suffered a data breach.
So no, the GDPR penalty is not the issue. It is the provisions of the data laws that cause the most damage to small businesses.
What’s more, the Information Commissioner’s Office (ICO), the administrator responsible for investigating non-compliance and awarding penalties, previously stated it would focus on targeting larger companies that “cause serious and sustained harm to individuals.”
“We will have more powers to stop companies processing data, but we only take action where there has been serious and sustained harm to individuals…What this new fining power gives us is the ability to go after larger, global and sometimes multi-national companies where the old £500,000 fine would just be pocket change.”
This statement is half true. The biggest fines have been against Meta Platforms. But have you ever been notified by Facebook that they are breaching data privacy laws?
And are you still receiving targeted ads on Facebook?
Furthermore, if you look at the ICO’s Enforcement Tracker, there is a list of 1,538 entries, most of which are small businesses and individuals. The reasons given are either “Non-compliance with general data processing principles” or “insufficient legal basis for data processing”. The fines typically range from €1000 to €100,000.
The data does not suggest that the ICO is using its fining power to “go after large companies”. A 2% fine for Meta is pocket change to the tech giant.
But if everyone were aware that they are selling your data and stopped using Facebook, Instagram, and WhatsApp, then we might see Meta suffer the same end as small businesses with damaged reputations.
What Constitutes A Data Breach
The ICO’s most common finding is “non-compliance with general data processing principles.” A personal data breach is defined as:
“…a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.”
What this means for small businesses is that you have to install adequate cybersecurity defences that protect your business network – and subsequently consumer data – from hackers.
That puts the onus on small businesses to invest in various cybersecurity measures such as anti-virus software, VPNs, data encryption software, and multi-factor authentication as a bare minimum. There are also other layers you can add to your network perimeter, such as virtual desktops and permission controls in cloud-based software.
In addition, you should provide your staff with cybersecurity training. If people are aware of the technologies and techniques used by hackers, they have a 90% higher chance of successfully defending against cyberattacks.
Small businesses that demonstrate they have built adequate cybersecurity defences from the budget at their disposal should escape with a small penalty, provided they meet the requirements of Article 32:
- Encrypt data
- Ensure ongoing confidentiality and integrity
- Be able to restore personal data in a timely manner
- Regularly test and evaluate the effectiveness of security measures
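The four Article 32 points above map onto a small amount of concrete code. The following Go program is an added example written for this article, not code from the post or from any regulator: it encrypts a constructed customer record with AES-256-GCM (encryption, plus integrity because GCM authenticates the stored blob), shows that a tampered copy is rejected rather than silently decrypted, and runs a restore check that verifies a backup copy decrypts to the live data. The key is generated in memory for the demonstration; in a real deployment the key would come from a key-management service and the backup blob from actual backup storage, both of which are assumed here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Seal encrypts a personal-data record under a 32-byte key with AES-256-GCM.
// The returned blob is nonce || ciphertext || authentication tag, so it carries
// everything Open needs except the key. GCM provides confidentiality and
// integrity together: any modification of the blob fails authentication.
func Seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random nonce per record; reusing a nonce with the same key
	// would break GCM's guarantees.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts a blob produced by Seal. It returns an error, not garbage,
// when the blob has been altered or the wrong key is used.
func Open(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// RestoreCheck is the "ability to restore" and "regularly test" step:
// decrypt a backup copy and confirm it matches the live record. A
// non-nil error means the backup cannot be relied on.
func RestoreCheck(key, backupBlob, expected []byte) error {
	restored, err := Open(key, backupBlob)
	if err != nil {
		return fmt.Errorf("restore failed: %w", err)
	}
	if !bytes.Equal(restored, expected) {
		return errors.New("restored record does not match live record")
	}
	return nil
}

func main() {
	// Constructed key and record for the demonstration (assumption: a real
	// system would fetch the key from a key-management service).
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	record := []byte("customer=Jane Example;email=jane@example.invalid")

	blob, err := Seal(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Println("backup restore check:", RestoreCheck(key, blob, record))

	// Simulate corruption or tampering of the stored copy: one flipped bit.
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = Open(key, tampered)
	fmt.Println("tampered blob rejected:", err != nil)
}
```

The restore check is worth running on a schedule against real backup media rather than once at setup time; a backup that has never been decrypted is not evidence of the ability to restore.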
There is some good news for small business owners. Companies that employ fewer than 250 staff are not legally obliged to keep records of how they process data. However, you still have the responsibility to protect the sensitive data of your customers.
Wrap Up
Statistical data and empirical evidence indicate that GDPR is not serving consumers as the data protection laws are supposed to. We were told GDPR was to prevent businesses from misusing personal data. That doesn’t appear to be happening. Meanwhile, small businesses are being fined and put out of business.