EU’s data law will be ‘global standard’

By Pádraig Hoare

The EU’s incoming General Data Protection Regulation (GDPR) will become the “global standard”, an Irish expert has warned — as 100 IBM executives descend on Washington DC to implore Congress not to introduce similar rules in the US.

The GDPR was ratified in 2016 following four years of negotiation, replacing the existing directive on data protection.

Unlike an EU directive, which can be implemented over a certain time, the regulation is made law once it begins on May 25, meaning penalties can be imposed from day one.

The regulation is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy. 

It not only applies to organisations within the EU but also to firms that do business inside member states.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

IBM bosses, who are scheduled to meet with about 200 members of Congress and staff members this week, will tell lawmakers the US needs its own privacy framework and shouldn’t adopt the GDPR.

“GDPR may work for Europe, but that doesn’t mean it should become a global standard,” Christopher Padilla, IBM’s vice president of government and regulatory affairs, said.

However, CEO of Dublin-based Ward Solutions, Pat Larkin, said the GDPR was already on its way to becoming the global standard. 

Ward Solutions has been working with firms on GDPR compliance for two years yet some companies are only enquiring now, he said.

I believe it will become the de facto global standard, because it applies to companies and organisations doing business in the EU and those with EU agreements. There is significantly less awareness outside the EU and the penny still has not dropped for even many large firms. But the fact is that if you effectively accept customers that are in the EU, then you need to be compliant.

Mr Larkin said business models would have to change. 

“There are still firms coming to our door, looking to become compliant. The ignorance of the law is still out there. Firms must realise business processes will need to be put in to reflect GDPR. It could potentially impede business models, no question.” 

IBM is arguing the US government should instead partner with industry groups to craft a new data privacy framework “tailored to America’s needs”.

“Doing nothing is not an option,” Mr Padilla said. “But we don’t think a one-size-fits-all approach works necessarily here.”

Additional reporting Bloomberg

Related Articles

Dixons Carphone data breach affected millions more than first thought

GDPR: Everything you need to know about the new data laws

Warning to businesses after three companies admit sending unsolicited marketing messages

WhatsApp boss Jan Koum to leave Facebook amid data scandal

More in this Section

European stocks fall as Turkey fears heighten

Investors not sold on Air France boss

Greece not out of the woods

Eurozone borrowing demand set to increase, says ECB

Today's Stories

Doubts Donald Trump’s growth spurt can be sustained

More From The Irish Examiner