Even before it comes into effect, Europe's new GDPR data protection legislation[1] is already having a positive impact.
GDPR is a broad set of rules[2] that require companies to treat customers' personal information with care, and allow organisations to be held to account if they fail to do so. Among other things, GDPR insists that personal data has to be collected for specific and legitimate purposes: it must be accurate and must be protected against unauthorised access, accidental loss, destruction or damage.
While this seems straightforward enough, compliance with GDPR can mean big changes for many companies[3] -- especially if they have not treated personal data with the respect it deserves up to now. For example, the regulations require companies to report serious data breaches within 72 hours of becoming aware of the problem. Companies that get GDPR wrong can face fines of up to four percent of turnover.
GDPR costs
Few EU residents are aware that the regulations are coming in, and fewer understand what they are about. GDPR has brought headaches and significant costs for many companies, which have had to update their systems with very little benefit to show for it. Critics say that the regulations will stifle innovation and risk blaming the victims of cyber crime -- companies that are hacked -- for the behaviour of the criminals that target them. They argue that the vast EU bureaucracy is adding yet another burden that businesses don't need, and that GDPR is simply a licence for consultants and tech companies to print money.
Some of this may be true, but the benefits of GDPR already outweigh the potential downsides.
GDPR benefits
The most visible effect of GDPR so