Should the US adopt GDPR?

Let’s face it: personal data just isn’t safe anymore. Equifax’s monumental breach proved this when it revealed roughly 145.5 million US customers may have had their information compromised (the full scope of how many individuals were affected is still unknown). Then Yahoo discovered that the massive 2013 cyberattack it suffered comprised three billion user accounts – two billion more than was initially believed. If two major corporations with access to billions of users’ personal information can fall victim to a cyberattack, it’s clear that consumers aren’t being properly protected.

In addition to the weekly news cycles of headline-grabbing security breaches, statistics show that cyberattacks are only getting worse. Digital security provider Gemalto discovered nearly two billion compromised data records worldwide in just the first half of 2017, and of the 918 breaches the company recorded and analysed, 801 occurred in the US.

>See also: What are US companies’ view on GDPR?

Additionally, research conducted by the Identify Theft Resource Center (ITRC) predicted that the number of data breaches in the US will likely hit a record high of 1,500 this year, a 37% increase from 2016.

And yet, data privacy is still not highly regulated in the US Despite the increasing need for stricter data privacy laws, legislators have yet to take immediate action. Although federal and state laws exist – such as the Federal Trade Commission Act and California’s Electronic Communications Privacy Act – there isn’t a singular, all-encompassing regulation that monitors the acquisition, storage and use of every US citizen’s personal data. It’s an issue that the U.K. government is also facing, with consumer groups like Which? demanding that parliament move forward with its Data Protection Bill to bring domestic legislation into compliance with a new data protection framework.

>See also: Who is more prepared for GDPR? The UK, Europe or the US?

Meanwhile, EU citizens are gearing up for the General Data Protection Regulation (GDPR) to go into effect in May 2018 – a protocol that requires any organisation across the globe that collects and uses EU consumer data to comply with strict laws related to how to process and store personal data; how to obtain consent; how to make data anonymous; how to report data breaches; and how to safely transfer data across borders. It also requires organisations use straightforward language in every user agreement, giving consumers a clear view into how their private information will be used and the ability to easily back out of something.

Organisations that fail to become GDPR compliant by May 2018 will face severe penalties, including fines of up to four percent of global revenue, or €20 million…or more. Not only do organisations need to ensure their own operations are GDPR-ready, but also the operations of any partners or vendors the company works with. Supervisory Authorities will be assigned to conduct audits and enforce the law, making it even more critical for companies to become compliant.

With these strict guidelines in place, GDPR will ensure that the personal data of every EU citizen is protected, and give EU citizens the power to know how and when their data is being used – all benefits that US citizens don’t currently enjoy.

>See also: The road to GDPR implementation: challenges and opportunities ahead

While there are plenty of US-based organisations that are required to become GDPR compliant by virtue of handling the personal data of European citizens, US citizens are still not being properly protected from the risks posed by future cyber attacks – and that’s a problem. It’s time the US takes a cue from the EU on data protection, and considers enforcing stricter protocols with penalties substantial enough to make companies comply.

2018 represents another election cycle in the US, with GDPR implementation right in the middle of primary season. This presents a huge opportunity for lawmakers to take action and make personal data regulation a priority in their campaigns. This dogged focus on data privacy could set them apart from their competitors, but more importantly, get the wheels in motion for legislation that can actually protect consumer data in the US in a period when cybercrime is becoming increasingly more severe.


Sourced by Pete Zimmerman, SVP, Service Delivery and Operations at Sonian


The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...