After May 25, any company doing business with European Union citizens will be subject to the privacy safeguards of the General Data Protection Regulation (GDPR) approved by the 28-country coalition in 2016.
Basically, the law says companies must explain in plain terms what they do with the data they gather from users. They must also make it easy for users to opt-out of data gathering. Another rule will make it mandatory for companies to notify their data protection authority data breaches in the first 72 hours after a breach is caught.
Notably, the regulation will apply to social networking sites like Facebook, which said on Wednesday — after some PR back and forth — that it will be making the GDPR standard available to its users wherever there isn’t a conflict with local laws. Facebook recently came under fire after data from 87 million users, mostly in the U.S., was improperly shared with research firm Cambridge Analytica.
Now that data privacy is more present in users’ minds, and with the May 25 deadline looming, a Philly company has seen an uptick in business. Clarip, the Center City firm behind a “privacy management platform,” has been working with retailers, law firms and healthcare companies for the past 18 months to get them up to speed with GPDR compliance.
The 10-person team is based out of WeWork’s 1900 Market spot. Founded by CEO Andy Sambandam — an engineer and former EPAM exec — the company has raised a seven-figure funding round from undisclosed investors.
In the backend, the company’s platform uses artificial intelligence to track how data is used through client’s network. From users’ perspective, the company helps make personal data management clearer for userss.
“Our philosophy is democratizing data privacy so people have a choice,” Sambandam told Technical.ly.
The CEO said the GDPR regulation delivers on its promise to give rights to individuals and helps them demand transparency from companies. It aligns with what the company’s doing, Sambandam said, and has even garnered some last-minute interest from clients that had not been working on complying with the new regulation ahead of the May 25 cutoff, after which businesses could face steep fines over lack of compliance.
“It might also affect American companies without a presence in the E.U. but who have customers in the EU,” the founder said.
How big could the fines be? Peep these figures: up to 4 percent of annual global revenue or €20 million (just over $24 million), whichever is largest.