The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Write a paper that explores how this European Union law has impacted IT policy around the world.

 

The GDPR has affected all business entities that are working within and outside the European Union (EU), the ones that will be affected the most by this regulation policy are those processing huge amounts of data. Therefore, this paper is a statement of the problem that elaborates on how GDPR has impacted IT policy around the world. The following are the major concerns regarding GDPR and IT policy globally.

IT policy has changed from the time the GDPR came into effect, the way companies collect data has greatly changed to ensure that clients or consumers scanning through any website that collects data are in control of their information by opting in or out. This is new because, businesses were not mandated to set up cookies on their website to ask clients whether they were willing to share information or not. IT policy has been impacted in this manner and some businesses may miss out on potential clients if they decide not to opt in.

The other problem is that, there is a high possibility that individuals in large numbers may decide to withhold consent or remove their personal data from data brokers and websites altogether. As explained by (Politou, 2018), Consent is concerned with providing grounds that are legitimate to the data controllers for the collection and processing or even sharing of personal data to be used for other purposes. This can have a serious negative impact on the data industry. Furthermore, the other impact of GDPR is on Technology platforms, organizations are required to do proper and thorough analysis of their technology platforms as well as the data architecture which their various management information systems, databases, websites and any other data warehouses they manage. This is a serious impact on organizations such as Amazon, Google, Facebook, eBay and many others with thousands and millions of customers allowing their data to be processed on the platforms.

Also, the biggest challenge comes in if a user requests to know exactly what personal data has been collected by the company about that user and how this data is going to be used. This puts more pressure on the companies as thousands of users can request for feedback in a timely manner at the same time. This is so because, according to the GDPR, organizations are required to offer EU residents the following privacy rights; right to access data, right to be forgotten and also the right to data portability. This has put pressure on companies as they need to make a lot of investments in manpower as well as resources to ensure that the organizations technology platforms are up to date, privacy policies are updated, data storages are adjusted as well as advertising practices are changed.

GDPR has also impacted organization’s IT policies on regarding Cybersecurity. This is so because, GDPR requires all organizations to have reasonable data protection measures put in place in order to ensure that the consumer’s personal data that is being collected and processed is well protected against exposure or data loss. Therefore, companies are forced to look for cybersecurity professionals, invest in training and many other educational workshops to make sure they are GDPR compliant and avoid the penalties that come with failing to comply.

GDPR will also massively impact the development of emerging technologies. This is so because, new and ongoing technologies such as Block chains, Artificial Intelligence and Cloud Computing all rely on data collection and the use of algorithms in order to produce valuable information. However, the GDPR policy has and will continue to affect this, data collection is restricted because it is now all up to users to consent and also, they can further follow up and have their personal data deleted from the organization’s database. This will continue to restrict the enhancement of these emerging technologies which are so important to economic growth and competitive advantage. A report by (Lefrere, 2020) explains that, GDPR could result in huge losses of around 2.8 million Jobs as well as reduction in European GDP.

The other problem with GDPR is that, while most of Europe is well aware of the regulations are has been naturally prepared, other regions of the World like; Africa, The Middle East, Asia pacific and the Americas (islands) now have more work to do regarding updating their IT policies, websites, databases and business processes.