Google and GDPR Compliance – A Massive Undertaking
The new EU data protection law – called the General Data Protection Regulation – has caused panic among every company across the globe. Until now, companies were free to collect user information surreptitiously and sell them to whoever they wanted to for marketing or monetary gains. But with this new regulation coming into effect on the 25th of May, companies are scurrying to update their privacy policies. The most painstaking part is updating every single user of the changes in the privacy policies. For large companies, this has resulted in a lot of work.
Google is on an Email Blitzkrieg
Google, for instance, has said that informing every user and partner about the changes in their privacy policy has led to the biggest ever email campaign. Like every other company, the changes have been brought to meet the strict new European Union rules, but Google has several million users across the world.
There is hardly anyone today who doesn’t use a Google product or service. Rolling out the information to every user and every partner required effort, and has turned into the largest email campaign in the history of the company.
Google and GDPR Compliance – A Massive Undertaking
Peter Fleischer, Google’s global privacy counsel, said at a data protection conference in Berlin that the numbers were so large that it would take them almost a week to inform everyone worldwide.
Fleischer said that so far the company has spent over 500 hours, fixing tens of thousands of bugs, examining over a thousand products and projects to meet the new rules. He added that they had to update an incredible 12.5 million contracts with companies that Google is associated with some way or the other, such as the analytic or advertising partners.
These steps aren’t only meant to ensure that Google stays in compliance with the new rules, but also bring into compliance other businesses associated with Google.
So why such a rush for getting into compliance with EU data protection laws? Because the EU will fine any company that is not in compliance, and the fine is huge. The pressure is monumental on companies using or processing EU personal data. From the 25th of May this year, privacy regulators across the European Union will get the powers to levy fines of as much as four percent of the company’s annual sales.
Some hope
Currently, data protection laws in the EU vary from one country to another, and not every regulator is able to levy fines. But from the end of this month, the law is the same for the whole of EU, and every watchdog will be able to fine companies not in compliance.
The new EU law holds the companies processing data for obtaining consent for doing so, besides imposing stricter regulations on how the data is used.
For a long time, companies collected and used data in any way they liked. Personal information was sold to advertising partners, without users even getting to know about it. Companies like Google and Facebook are also accused of putting trackers in web browsers of users to collect information even they were offline. From the sites they visited to the ads they clicked on, every activity was tracked without any knowledge of the user. All that is going to end on the 25th of May.
It isn’t only companies that are scurrying to comply. EU nations are also under pressure to adapt the national rules to the GDPR. So far, only four countries – Sweden, Germany, Austria, and Slovakia – have been able to do so, and even then the European Commission thinks the changes aren’t up to the mark.
EU is Putting Pressure on Itself
EU Justice Commissioner Vera Jourova has said that not even the slightest deviation from the new rule will be allowed. She also stated that at least eight countries will probably not be in compliance by the end of the month.
With hardly a few days to go until the deadline, several small and medium-sized companies are in panic. The European Commission has been issuing advice to such enterprises because it knows that not everyone will be ready the deadline.
Those who aren’t ready are conveniently blocking EU users. Several sites have already blocked European users until further notice, while others claim the block is temporary as they work on updating their policies.
Their decision
Some companies claim that they cannot function in compliance with the GDPR and have to block EU users as a result as just stated. Data experts said that organizations outside of the EU blocking users within the EU have little regard for privacy protection, and have chosen to ignore one of the world’s largest consumer markets. In terms of Google abiding the new regulations, only time will tell whether the steps the tech giant has taken are actually enough to protect users’ private data.