Well it didn’t take long. Less than a full week in fact, for the first GDPR-related court cases to surface against none other than the biggest social tech giants Facebook and Google.

It was as if lawyers were just waiting to pounce on the tech giants for their apparent failure to protect our rights as an online users.

This pertains specifically to issues relating to data privacy and the sharing of private details mainly with third-party marketers.

Now the issue about how Facebook stores and shares data has been clarified by several intense inquiries in the US and recently in Europe. This is where the law is set to benefit users of the social media platform on that geospatial area of the world.

The said lawsuit, however, focuses on the opt-out clause that forces you and I to make a choice to comply or leave. The claimant is a privacy campaigner. He has made the Billion-Euro complaint on behalf of several users; seemingly a challenge to the likes of Facebook.

Additionally, he has launched a separate suit against Google, accusing them of “pressurizing” users into accepting their data collection policies.

This ‘comply and accept or get thrown out’ clause could leave many without their routine dose of social media consumption simply because they prefer to engage privately. Such a clause is deemed unfair.

It could cost a lot if they get their way based on the terms stipulated in the new law.

The social media giant could be fined up to a few billion or a sizeable fraction of their earnings in punitive damages.

The aim of the new law

The passing of the new regulation on May 25th, 2018, better known as the General Data Protection Regulation {GDPR} has been a long time coming.

Despite the warnings several months or even a year in advance of the “kick-in” of the regulation – many find themselves unprepared for it.

Some of the reactions to the law include that of confusion, anxiety by both large and small firms alike and plain comical hysteria!

Non-compliance now carries heavy fines and penalties, up to 20 million euros for anyone operating within the EU borders.

So, what then, is the big fuss about GDPR?

Well, it boils down to a right that has since the launch of the Internet to the mainstream, been waivered and overlooked.

The CONSENT to use your data for anything other than the reason you went public on the world wide web is now very crucial.

This has become a contentious issue as many companies have over the years, unscrupulously benefited from data acquired (mined) without your consent – Facebook only brought this into the spotlight recently.

Read more about data mining here

Who needs compliance?

If you hold a folder, database of clients whether online or on your internal server, you would have to comply with the rules which stipulate full disclosure. This includes who you share your details with, and how the information is tracked, shared and kept private/secure.

Furthermore, research in March this year showed that only 39% of the Fortune 500 companies in the UK and 47% had GDPR compliance taskforces. It is unlikely  that that statistic is 100% by now.

Another UK firm commissioned study found that our buying behaviours these days, are heavily influenced by we perceive our data is being handled by the company offering the good or service.

The consent given to use your basic information such as one’s name, phone number and email address cannot be taken for granted – even in the medical environment.

German doctors’ practices, in the wake of GDPR, are manually making their clients sign consent forms. Doctors are required to fully disclose who they share your contact information with.

This is a practice that we have always treated with levity. The new law nevertheless clearly stipulates that henceforth, it will be mandatory.

How to be compliant

There are simple ways you can stay GDPR compliant. One method is to adopt an attitude of embracing it rather than just complying with it.

Being transparent with your customers can be achieved in the following ways: Adding a cookie bar to your website. You can also add a clause/paragraph to that effect (in your website’s disclaimer) in the ‘About Us’ section.

Similarly, you must state clearly on any opt-in forms. Newsletters for example, and any forms where their data is collected, used and passed onto other third-parties must be announced. State clearly who they are and which data they have access to.

You then need to give your customer the option to select what they want to share even if it seems insignificant.

Even if such data may not be necessary for them to receive services from you.

This probably involves reviewing your relationships with third-party affiliates and partners to ensure that they are also complying with the law.

They could be jeopardizing your data compliance efforts – as Cambridge Analytica did with Facebook.

The last and most challenging step requires the action of what is promised above. This, therefore, means an upgrade of your internal software  to include security/encryption.

GDPR compliant software

You can obtain full compliance by using a GDPR-compliant package like Office 365 Enterprise E3.

This package has email software specially designed for those of you dealing with sensitive client’s data that need to be kept for long periods.  Litigation hold, heavy archiving features; as well as basic email encryption are all included.

You can add supplementary encryption software such as Azure Information Protection as an extra layer of security. This helps you to safeguard exchange-hosted emails and stored data from being lost, compromised or accidentally shared.

All said and done it is likely that if you are a bigger firm, you would either need to create the position of a data security officer internally (if your lawyers are not up to date with digital laws), or to outsource the service.

This should make you fully compliant thereby having to avoid issues with the data compliance authority altogether.
Advertisements