In May, the General Data Protection Regulations--or GDPR--went into effect in the European Union. First approved in April 2016, this new legislation has radically changed how companies can do business online. European authorities gave companies two years to comply with the new sweeping measures that replaced the previous Data Protection Directive in the 28-nation EU bloc.
The goal of the law was to give consumers greater control of their respective personal data that is collected by companies online. This includes organizations that are located within the EU, but also applies to any companies outside the region if they offer goods or services, or even have a digital footprint with consumers in the EU bloc.
Even with two years to understand--and prepare for--the new regulations, the response by some American newspaper publishers was to block all content from the eyes of those in the EU. This included Americans traveling for work and vacation as well as expats.
Other publishers offered a special version for those readers in the EU.
"USA TODAY NETWORK is serving a version of its products to IP addresses in the EU that limits the data processing on the site," a spokesperson told E&P via email. "The USA TODAY NETWORK EU experience will not include any advertising that collects personal data from EU residents, allowing our European audience to continue to access our award-winning content."
The reason for this due diligence on the part of publishers is simple. Under GDPR, those companies that are not compliant face serious fines of up to 4 percent of annual global revenue or 20 million euros ($24.6 million), whichever is larger.
"We are going to be watching veiy closely how this plays out," said Eric Hodge, director of solutions for security research firm Cyberscout. "That is a hefty fine, and while it is aimed at major tech brands, it could still be used against a small Indiana-based company that might have four European customers in its database."
This is something businesses in all sectors will have to deal with as well.
"The first thought is something aimed at large tech companies or banking, but this affects all industries," Hodge said. "Publishing is an interesting part of this because it has become so global. It will be interesting to see how smaller, regional papers may get caught up in this."
A key part of GDPR is based on companies ensuring that users consent to how their data is used. Companies can't use vague or confusing statements, nor can consent be bundled within other use agreements. Consumers in the EU will also be entitled to access the personal data that is stored by companies, and most...