Well, it didn’t take long – less than a full week, in fact – for the first GDPR-related court cases to surface against none other than the biggest social tech giants, Facebook and Google. It was as if lawyers had been waiting to pounce on the tech giants for their apparent failure to protect their users’ rights on matters of data privacy and the sharing of private details, mainly with third-party marketers.

The question of how Facebook stores and shares data has already been clarified by several intense inquiries in the US and, more recently, in Europe, where the new law is set to benefit users of the social media platform in that part of the world. The lawsuit in question, however, focuses on the opt-out clause: users are forced to make an all-or-nothing choice. The claimant, a privacy campaigner, has filed the billion-euro complaint on behalf of several users, seemingly as a direct challenge to the likes of Facebook. A separate suit against Google accuses it of “pressurizing” users into accepting its data collection policies.

This ‘comply and accept or get thrown out’ clause could leave many without their routine dose of social media simply because they prefer to engage privately. That is deemed unfair.

If the accusers get their way, based on the terms stipulated in the new law and on the number of users affected within the jurisdiction, the social media giant could be fined up to a few billion euros, or a sizeable fraction of its earnings, in punitive damages.

The new regulation that took effect on May 25th, 2018, better known as the General Data Protection Regulation (GDPR), has been a long time coming. Despite warnings issued several months, or even a year, ahead of the regulation “kicking in”, many companies find themselves unprepared for it. Reactions to the law have ranged from confusion and anxiety among large and small firms alike to plain comical hysteria. Non-compliance now carries heavy fines and penalties, up to 20 million euros, for any company operating within the EU’s borders.

So, what then, is the big fuss about GDPR? It boils down to a right that has been waived and overlooked ever since the Internet went mainstream: CONSENT to use your data for anything other than the reason you went public on the world wide web. This has become a contentious issue because, over the years, many companies have unscrupulously benefited from data acquired (mined) without the owner’s consent; Facebook only brought this into the spotlight recently.


Any company (probably every company) that holds a folder or database of clients, whether online or on its own internal servers and database systems, has to comply with the rules. These stipulate full disclosure of whom they share your details with, and of how the information is tracked, shared and kept private and secure.

Furthermore, research in March this year revealed that only 39% of Fortune 500 companies in the UK, and 47% overall, had GDPR compliance taskforces, and it is likely (given each organization’s size and scope of operations) that the figure is still not 100% today.

Another study, commissioned by a UK firm, found that consumers’ buying behaviour these days is heavily influenced by how they perceive their data is being handled by the company offering the goods or service.

Consent to use your basic information, such as your name, phone number and email address, cannot be taken for granted – even in a medical setting.

In the wake of GDPR, German doctors’ practices are manually having their clients sign consent forms in which the practice must disclose whom it shares their contact information with – a formality that has always been treated with levity. The new law nevertheless clearly stipulates that, henceforth, it is mandatory.


There are simple ways to stay GDPR compliant, and one of them is to adopt an attitude of embracing the regulation rather than merely complying with it. Being transparent with your customers can be achieved in the following ways. Add a cookie bar to your website (you will notice a lot of them on websites nowadays; where one is absent, the site typically states that it does not collect data). You can also add a clause or paragraph to that effect to your website’s disclaimer, in the ‘About Us’ section.

Similarly, on any opt-in form (newsletter sign-ups, for example) and on any form where customer data is collected, used and passed on to third parties, you must state clearly who those third parties are and which data they have access to.

You then need to give your customers the option to choose what they want to share, even where it seems insignificant, since such data may not be necessary for them to receive services from you. This probably involves reviewing your relationships with third-party affiliates and partners to ensure that they are also complying with the law and not jeopardizing your own compliance efforts – as Cambridge Analytica did with Facebook.

The last and most challenging step is acting on what is promised above. In practice this means upgrading your internal software (especially your email and data-capture CRM/storage facilities) to include security and encryption.


This can be achieved by using a GDPR-compliant package such as Office 365 Enterprise E3, whose email software is designed for companies handling sensitive client data that must be retained for long periods; it offers litigation hold, heavy archiving features and basic email encryption.

One can add supplementary encryption software such as Azure Information Protection as an extra layer of security to safeguard Exchange-hosted emails and stored data from being lost, compromised or accidentally shared.

All said and done, if you are a bigger firm you will likely need either to create the position of data security officer internally (if your lawyers are not up to date with digital law) or to outsource the service. This should make you fully compliant, thereby avoiding issues with the data protection authority altogether.
