As reported yesterday, attorney Matt Fawcett of NetApp asks the hypothetical question: is GDPR another
Y2K — an over-hyped threat that will evaporate within months?
It’s easy to see it that way, given the hysteria coming from Europe and the deluge of product offerings that
supposedly will help companies comply. Isn’t it about time someone said, "hold on a minute?"
Oh, you poor fools. Any idea that pundits are merely "selling the fear" has been exploded by
the Facebook-Cambridge Analytica scandal.
As MediaPost has reported, the latter firm allegedly garnered data from 50 million Facebook users — and their friends — for use in a
nefarious political scheme.
Selling the fear? The scandal rumbled the stock market and has drawn the interest of the Federal Trade Commission. Facebook reportedly could end up paying $40,000
per violation (times 50 million). And that’s not the worst harm.
No, the real damage is that this sordid affair is being discussed on nightly news broadcasts, giving the privacy issue
exposure that it might not have had. Consumers are getting an education in how data is mined and shared.
Anything they didn’t learn from the Equifax breach they now know. And one thing
is becoming clear to them, if it wasn’t already: that these big companies don’t give a hoot about protecting their privacy — their databases are sieves. And Facebook isn’t
helping anyone with its pathetic bleating that the Cambridge Analytica ruse does not constitute a data breach. Nor is CEO Mark Zuckerberg's belated statement that "We have a responsibility to protect
your data, and if we can't then we don't deserve to serve you," much help. They're only putting protections in place now?
So you see, Facebook and Equifax are in trouble even
without GDPR, although you can rest assured that European regulators are looking at them very closely.
Don’t be surprised if more people hit the unsubscribe button in the coming
months.
Confused about GDPR? Arndt Groth, president of Smaato, lists five myths
about the regulation:
- GDPR is the only law of concern — there’s also the EU E-Privacy Regulation.
- If your company (and your servers) are in the U.S., you don’t need to worry — you’re liable if you sell to European customers.
- Small businesses are exempt — They’re not.
- GDPR is about digital only — It covers any use of personal information, whether offline or online.
- An IP address is not personal data — It’s an identifier: That means it is personal data, under GDPR.
See you in Brussels.