Well, it didn’t take long. Less than a full week in fact, for the first GDPR-related court cases to surface against social tech giants Facebook and Google.
It was as if lawyers were just waiting to pounce on them for their apparent failure to protect our rights as online users. This pertains specifically to issues relating to data privacy and the sharing of private details mainly with third-party marketers.
How Facebook stores and shares your data has been clarified by several intense inquiries in the US and recently in Europe. This is where the law is set to benefit users of the social media platform in that geospatial area of the world.
The said lawsuit, however, focuses on the opt-out clause that forces you to make a choice to comply or leave. The claimant is a privacy campaigner. He has made the Billion-Euro complaint on behalf of several users; seemingly a challenge to Facebook.
Additionally, he has launched a separate suit against Google, accusing them of “pressurizing” users into accepting their data collection policies.
This ‘comply and accept or get thrown out’ clause could leave you without your routine dose of social media consumption. Such a clause is thus deemed unfair.
It could cost Facebook a lot if they get their way based on the terms stipulated in the new law. The social media giant could be fined up to a few billion or a sizeable fraction of their earnings in punitive damages.
The aim of the new law
The passing of the new regulation on May 25th, 2018, better known as the General Data Protection Regulation {GDPR} has been a long time coming.
Despite the warnings of the “kick-in” of the regulation, many are unprepared for it. Some of the reactions to the law include confusion, anxiety by both large and small firms alike, and plain comical hysteria!
Non-compliance now carries heavy fines and penalties, up to 20 million euros for anyone operating within the EU borders.
So, what then, is the big fuss about GDPR?
Well, it boils down to a right that has since the launch of the Internet to the mainstream, been waivered and overlooked. Gaining CONSENT to use your data for anything other than the reason you went public on the Internet is very crucial.
This has become a contentious issue as many companies have over the years, unscrupulously benefited from data acquired (mined) – without your consent. Facebook only brought this into the spotlight recently.
You can read more about data mining here
Who needs compliance?
If you hold a folder, database of clients whether online or on your internal server, you would have to comply with the rules which stipulate full disclosure. This includes who you share your details with, and how the information is tracked, shared, and kept secure.
Furthermore, research in March this year showed that only 39% of the Fortune 500 companies in the UK and 47% had GDPR compliance taskforces.
Another UK firm commissioned study found that our buying behaviours are heavily influenced by we perceive our data is being handled by companies.
The consent given to use your basic information cannot be taken for granted – even in the medical environment.
German doctors’ practices, in the wake of GDPR, are manually making you sign consent forms. Doctors are now required to fully disclose who they share your contact information with.
How to be compliant
There are simple ways you can stay GDPR compliant. One method is to adopt an attitude of embracing it rather than just complying with it. You can be transparent with your customers by doing the following:
Add a cookie bar to your website. You can also add a clause/paragraph to that effect (website disclaimer) in your ‘About Us’ section.
Similarly, you must state clearly on any opt-in forms. Newsletters and any forms where their data is collected, used, and passed onto other third-parties must be announced. State clearly who they are and which data they have access to.
You then need to give your customer the option to select what they want to share. Even if such data may not be necessary for them to receive services from you.
Constantly review your relationships with third-party affiliates and partners to ensure that they are also complying with the law.
They could be jeopardizing your data compliance efforts – as Cambridge Analytica did with Facebook.
The last and most challenging step requires the action of what is promised above. This means an upgrade of your internal software to include security/encryption.
GDPR compliant software
You can obtain full compliance by using a GDPR-compliant package like Office 365 Enterprise E3. This package has email software specially designed for those of you dealing with sensitive client’s data that need to be kept for long periods. Litigation hold, heavy archiving features; as well as basic email encryption are all included.
You can add supplementary encryption software such as Azure Information Protection as an extra layer of security. This helps you to safeguard emails and stored data from being lost, compromised, or accidentally shared.
All said and done it is likely that if you are a bigger firm, you would either need to create the position of a data security officer internally. If your lawyers are not up to date with digital laws, however, you can simply outsource the service.
Pingback: Data (Gold) Mining
Pingback: How would you like to be served?
Pingback: Cloud (Storage) Wars!
Pingback: Anonymous Surfing
Pingback: Sales misconception – debunqed!
Pingback: Get a vault for your data!
Pingback: The latest cloud computing trends to look out for in 2019 ~ simple online tech solutions