Security News > 2023 > May > Experts laud GDPR at five year milestone
Fundamentally, the General Data Protection Regulation's right-to-privacy focus - giving people provenance over their data - allows individuals to dictate how companies, including data brokers, use their personally identifiable information.
GDPR - a set of data privacy regulations throughout the European Union - has extra-territorial scope, meaning platforms and websites outside of the EU that traffic in the PII of those inside the EU must also comply with its directives.
Several experts weighed in on the virtues of the GDPR at WithSecure's Sphere23 event in Helsinki, Finland.
While the U.S. lacks national data privacy laws, eight states so far have enacted either comprehensive privacy legislation or more limited or tailored legislation giving consumers power over how their personal data is trafficked.
Jeff Reich, executive director at the Identity Defined Security Alliance, said these laws and others coming owe their provenance to the GDPR. "The rock in the pond that is the GDPR continues to cause ripples that affect everything in the vicinity," he said.
"Seven years after the GDPR was adopted, five years after enforcement began, it is difficult to not see the results of the regulation, to date. Merchants and vendors know what they need to do, even when they do not know how to do it yet. The best behavior change is with consumers."