Below is the 12 steps companies are required to take if they collect personal data.
There is a lot of stupidity that comes from the EU. This one might take the cake.
Very few people read the fine print on anything. Especially when it comes to signing up for something online. We live in a time where individuals post every meal they have online. People post their entire personal life, step by step, on social media. Why would any one care about personal data being sold or used by a third party? Most people understand what they put on the internet is subject to the world. Someone who was truly seeking privacy would not have an iPhone, not use the internet and not have Alexa in their home. Individuals sacrifice privacy for convenience when they buy an iPhone, Alexa, etc.
Large companies are required to hire a DPO (Data Protection Officer). The word “Large” is not defined, interestingly enough. According to the new regulation a DPO is the following:
A DPO is a designated person within an organization who is responsible for ensuring data protection compliance after the introduction of the GDPR. This person is appointed and will be the primary contact within the organization for data protection compliance.
Companies like Google, Facebook, Twitter, etc. will hire a DPO. Role out a few new policies and update privacy agreements. If their is a disagreement between the company and regulators, the company polices will be updated and the company will probably pay a fine. These companies are the low hanging fruit for governments.
Medium size companies will probably update their privacy agreements and give some low level worker the added role of DPO just to say they are in compliance.
Small size companies fly under the radar. They will probably ignore the regulation all together or adopt the medium size company strategy. In their privacy agreement, they might even say some nice words about GDPR to keep busy bodies off their back.
Companies will generate more paper work to show compliance. Bureaucrats love paperwork. When the EU audits these large companies, bureaucrats will sniff through thousands of pages which show why the company is in compliance. For these large companies, this cost pennies in relation to their revenues. However, the EU must have bureaucrats to sort through it all. Less time to harass other citizens.
Just like the CFR here in the US, governments will target big companies which will yield them the best monetary reward.
Big Brother is dead. They are in information overload. This regulation shows how desperate they are to remain relevant.