You’ve already got the right to say what you want and believe what you want. But, under new EU regulations, effective May 25, 2018, you will soon have the right to forget what you want, too.
The General Data Protection Regulation (GDPR) is the biggest overhaul of EU security policy in decades. Under the law, consumers will enjoy the “right to be forgotten,” meaning any EU citizen can request an entity destroy any personal data involving them “without undue delay.”
“So what?” you might think, “My business isn’t based in Europe.”
It doesn’t matter where you’re operating from; the GDPR’s ability to enforce is guaranteed based on the consumer’s citizenship, not by the business’ location. If it’s possible that you have any data collected from EU consumers, the GDPR applies to you.
Plus, there is a lot of interest in expanding the GDPR to new markets. Facebook is enforcing the policy globally in the wake of the Cambridge Analytica scandal, and other businesses will likely follow suit.
Remember: this is not just another minor policy update. The GDPR’s impact is far-reaching. In fact, it will fundamentally change the dynamic of the retail market…and not always for the best.
The GDPR: Explained
The General Data Protection Regulation is a complex piece of international legislation. However, there are three key components to keep in mind:
1. Consent: Businesses need to secure consent from consumers to use their data. Consumers must then opt in before businesses can use their data for any purpose beyond what was explicitly outlined when the customer agreed to provide it.
2. Right to Erasure: Businesses can’t hold on to data longer than necessary, and consumers can request that their data be destroyed at any time, for any reason. That means businesses must know exactly where every piece of personal data is stored at all times.
3. Privacy by Design: Businesses must integrate privacy regulation compliance into every facet of their organization. Default privacy settings have to be stringent, and businesses must disclose any breach within 72 hours of its discovery or face steep penalties.
You might notice these are extremely broad and far-reaching points. Well, that is by design — EU policymakers wanted to set the GDPR as a paradigm shift in how we both use and think about data.
The GDPR Could Be a Problem
Rollout of the General Data Protection Regulation will probably have a lot of qualities in common with the EMV liability shift in the U.S. — inconsistent application, confusion and increased risk exposure for retailers.
We will have incomplete data under GDPR, which makes it harder to identify developing trends and threats on the individual level, as well as industry-wide. In turn, this makes it hard to deploy targeted solutions or develop useful strategies to mitigate loss.
While customers have more control over their data, that doesn’t help retailers much to eliminate fraud in the short term. Plus, criminals are resourceful; by the time the broader impact of these data restrictions produces any tangible effect, fraudsters will have already discovered workarounds to keep stealing data and perpetrating fraud.
The GDPR isn’t necessarily a bad thing — ensuring data security should be a priority for any business. In its current form, though, this legislation places unrealistic burdens on businesses for protecting data while offering little benefit for them in return.
Monica Eaton-Cardone is the owner, cofounder and Chief Operating Officer of Chargebacks911, the e-commerce industry’s preeminent risk mitigation and chargeback management service provider. Named “One of 2017’s Most Influential Women in the Payments Industry” by PaymentsSource, Eaton-Cardone specializes in chargeback triggers and threats, helping to reduce the liabilities and costs related to the entire dispute and chargeback process. She works with banks and merchants and has a background in technology and consumer-behavioral science. She has headlined business conventions, tech conferences and eCommerce expos all over the world, and her insights on digital threats, online fraud, friendly fraud and risk mitigation are a byproduct of her passion for creating both revenue and customer sustainability.