EU’s data law will be ‘global standard’

By Pádraig Hoare

The EU’s incoming General Data Protection Regulation (GDPR) will become the “global standard”, an Irish expert has warned — as 100 IBM executives descend on Washington DC to implore Congress not to introduce similar rules in the US.

The GDPR was ratified in 2016 following four years of negotiation, replacing the existing directive on data protection.

Unlike an EU directive, which can be implemented over a certain time, the regulation is made law once it begins on May 25, meaning penalties can be imposed from day one.

The regulation is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy. 

It not only applies to organisations within the EU but also to firms that do business inside member states.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

IBM bosses, who are scheduled to meet with about 200 members of Congress and staff members this week, will tell lawmakers the US needs its own privacy framework and shouldn’t adopt the GDPR.

“GDPR may work for Europe, but that doesn’t mean it should become a global standard,” Christopher Padilla, IBM’s vice president of government and regulatory affairs, said.

However, CEO of Dublin-based Ward Solutions, Pat Larkin, said the GDPR was already on its way to becoming the global standard. 

Ward Solutions has been working with firms on GDPR compliance for two years yet some companies are only enquiring now, he said.

I believe it will become the de facto global standard, because it applies to companies and organisations doing business in the EU and those with EU agreements. There is significantly less awareness outside the EU and the penny still has not dropped for even many large firms. But the fact is that if you effectively accept customers that are in the EU, then you need to be compliant.

Mr Larkin said business models would have to change. 

“There are still firms coming to our door, looking to become compliant. The ignorance of the law is still out there. Firms must realise business processes will need to be put in to reflect GDPR. It could potentially impede business models, no question.” 

IBM is arguing the US government should instead partner with industry groups to craft a new data privacy framework “tailored to America’s needs”.

“Doing nothing is not an option,” Mr Padilla said. “But we don’t think a one-size-fits-all approach works necessarily here.”

Additional reporting Bloomberg

Related Articles

LINDSAY WOODS: 'Her account showcases her home, with a dash of diamante and mirrored occasional furniture'

More than 5,000 affected by Park by Phone data breach

UCD Students' Union suspends Leap Cards over data protection fears

Stolen Eir laptop decrypted by faulty update; 37,000 customers affected by data breach

More in this Section

Ex-Lib Dem leader Nick Clegg lands top role with Facebook

Spain’s government proposes taxes on internet giants

Google’s Staying Ahead reveals appetite of SMEs for online sales

Ryanair signs agreement with Portuguese pilots' union

Breaking Stories

As Karlie Kloss marries Joshua Kushner, here are 8 of her biggest fashion moments

This clever new app can help new parents decide if their baby needs to see a doctor

‘Acne won’t stop me living my life’ – Millie Mackintosh on how she got her skin under control

'Jesus, did I paint them?’; Robert Ballagh reacts to the nude portraits to him and his wife

More From The Irish Examiner