EU’s data law will be ‘global standard’

EU’s data law will be ‘global standard’

By Pádraig Hoare

The EU’s incoming General Data Protection Regulation (GDPR) will become the “global standard”, an Irish expert has warned — as 100 IBM executives descend on Washington DC to implore Congress not to introduce similar rules in the US.

The GDPR was ratified in 2016 following four years of negotiation, replacing the existing directive on data protection.

Unlike an EU directive, which can be implemented over a certain time, the regulation is made law once it begins on May 25, meaning penalties can be imposed from day one.

The regulation is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy. 

It not only applies to organisations within the EU but also to firms that do business inside member states.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

IBM bosses, who are scheduled to meet with about 200 members of Congress and staff members this week, will tell lawmakers the US needs its own privacy framework and shouldn’t adopt the GDPR.

“GDPR may work for Europe, but that doesn’t mean it should become a global standard,” Christopher Padilla, IBM’s vice president of government and regulatory affairs, said.

However, CEO of Dublin-based Ward Solutions, Pat Larkin, said the GDPR was already on its way to becoming the global standard. 

Ward Solutions has been working with firms on GDPR compliance for two years yet some companies are only enquiring now, he said.

I believe it will become the de facto global standard, because it applies to companies and organisations doing business in the EU and those with EU agreements. There is significantly less awareness outside the EU and the penny still has not dropped for even many large firms. But the fact is that if you effectively accept customers that are in the EU, then you need to be compliant.

Mr Larkin said business models would have to change. 

“There are still firms coming to our door, looking to become compliant. The ignorance of the law is still out there. Firms must realise business processes will need to be put in to reflect GDPR. It could potentially impede business models, no question.” 

IBM is arguing the US government should instead partner with industry groups to craft a new data privacy framework “tailored to America’s needs”.

“Doing nothing is not an option,” Mr Padilla said. “But we don’t think a one-size-fits-all approach works necessarily here.”

Additional reporting Bloomberg

More on this topic

Interpretation of data-protection laws hampering efforts to safeguard vulnerable people from abuse, claims reportInterpretation of data-protection laws hampering efforts to safeguard vulnerable people from abuse, claims report

TD 'can’t figure out' why Passport Office would give customer data to some State bodiesTD 'can’t figure out' why Passport Office would give customer data to some State bodies

Data Protection Commissioner says she received 'significantly less funding than requested from GovernmentData Protection Commissioner says she received 'significantly less funding than requested from Government

DPC’s role regulating tech giants ‘disproportionate’DPC’s role regulating tech giants ‘disproportionate’

More in this Section

China welcomes preliminary deal in trade war it blames on USChina welcomes preliminary deal in trade war it blames on US

Irish shares climb as election drives sterlingIrish shares climb as election drives sterling

Profits fall at hotel groupProfits fall at hotel group

Profits rise 35% as gym group Flyefit expandsProfits rise 35% as gym group Flyefit expands


Lifestyle

Abstracts with a structural focus.Meet artist Shane O'Driscoll: 'For such a small island, we have a massive reach creatively across the world'

Ciara McDonnell shares seven of the best places to ring in the new year abroad.7 of the best holiday destinations to ring in 2020

More From The Irish Examiner