1660238328261 Jimmontague0609

Why GDPR spurred compliance

June 19, 2018
It seems GDPR has some serious teeth

While I was hip deep in a couple more cybersecurity interviews a few weeks back, two sources independently mentioned the European Commission's (EC) new General Data Protection Regulation (GDPR) that went into force on May 25 with the aim of protecting the data and privacy of European Union (EU) citizens. Not too many flies on me, I hope, so I cobbled some basics together, and added a little sidebar to this issue's "Secure in the knowledge" cybersecurity feature article.

More recently, over the last week of May and first week of June, I and I'm assuming everyone else suddenly got dozens of  "we're updating our privacy policy/procedures" messages. Because GDPR applies not just to EU folks, but also to their data that can be stored anywhere on the Internet, I'm betting this cascade of privacy updates is a direct result of GDPR requirements. But why would everyone apparently jump to comply at once?

Well, I went back and looked at some of GDPR's main features, and what jumped out at me was its sanctions for violations that will include warnings, audits and fines that could reportedly reach up to €10-20 million. Yikes, wonder no longer about the privacy update land rush. It seems GDPR has some serious teeth.  

Next, I once again began to question why these and other rule-making efforts all seem to come from Europe? When I covered machine safety for our sister magazine Control Design years ago, almost every initiative and requirement appeared to be generated in Germany and/or Europe first, and I remember sources would tell me that the U.S., North America and the rest of the world would follow-up with similar rules in subsequent years. This was especially true for equipment that machine builders wanted to ship into Europe, of course, but then large end users would demand uniform safety measures for all their devices worldwide.

[pullquote]

Not surprisingly, similar scenarios exist for much of the voluminous process safety coverage that Control has provided over the years. For a long time, it seemed like we couldn't get done with a process safety article  before another catastrophe would force us to rewrite the beginning of that story. Inconvenient for editors; injurious or too often tragically deadly for process personnel in the field. Even now, the continuing drumbeat of process safety incidents demonstrates there's a deep-rooted and chronic problem that's not getting solved or even faced. Anyone hearing lack of U.S. gun control echoes? You decide.  

So what makes GDPR different? I think it's the teeth—regulations with prescriptive requirements and justifiably severe penalties for violations.

After years of researching and writing those process safety articles, my main takeaway is a belief that the Deepwater Horizon disaster in April 2010—which killed 11 people, injured 17, and fouled the Gulf of Mexico—would likely not have happened if that platform had been located in Europe's North Sea or just of Australia's coast. The sometimes large but often laughably minor fines applied in U.S. do little or nothing to stem or even slow the tide of process safety incidents and disasters. Alternatively, if you blow up some of your people in Europe, Australia or some other jurisdictions, there's a good chance at least some of your corporate officers will go to jail. Talk about teeth.

Plus, Europe and elsewhere maintain largely prescriptive safety standards and requirements, while the U.S. Occupational Safety and Health Administration typically calls for particular safety outcomes, but usually doesn't define how to accomplish them. Pretty toothless, and I think historically another case of the fox guarding the henhouse.  

So what's the solution? You know what it is. Add some teeth. Develop some professional pride beyond short-term profit; participate in developing logical regulations that aren't too complex or burdensome; and repeatedly call for stiff penalties for violations and lawbreakers—and don't listen to their rationalizations that their "freedoms" are being suppressed. Crooks always talk like that. 

About the author: Jim Montague
About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control. 

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...