5 ways GDPR will change your world

Financial Mirror (Cyprus) - - FRONT PAGE -

On May 25, a new law called the General Data Protection Regulation (GDPR) is going into effect in the European Union. The law was created to protect EU citizens from potential abuses, like the recent Cambridge Analytica scandal. Though the timing may seem coincidental, this law has been in the works for more than four years. GDPR will replace the Data Protection Directive (95/46/EC) of 1995.

Under GDPR, companies can be fined up to 4% of their worldwide annual revenue from the previous financial year. This is a staggeringly large penalty. A violation could cost Facebook, for instance, up to $1.6 bln. The number would be much greater for companies such as Google and Amazon.

When GDPR takes effect, you’ll be able to ask companies what information they have about you and then (if you want) ask them to delete that information. This applies to all companies, including tech companies, banks, retail sites, and even your boss. Anyone who suspects a company is misusing his or her data can file a complaint with the national data protection regulator, who will investigate the claim. You’ll also be able to file class-action-style complaints. GDPR also requires that businesses allow users to download their data and move it to a competitor (think moving from Wells Fargo to Chase, or Apple Music to Spotify). either an internal employee or outside advisor).

Ensure you have a system set up to detect, report, and investigate data breaches.

These suggestions are just a starting point. For a detailed, helpful guide toward becoming GDPR compliant, review this PDF on ICO.uk. (The ICO is the Information Commissioner’s Office, the United Kingdom’s representative in the European Union’s Article 29 Working Party.)

Depending on your field of work, you may be impacted by GDPR more than others may be. For instance, email marketing now requires proof of opt-in. You can no longer pre-check boxes to automatically sign members up for newsletters, or have a box to opt out; instead, you’ll be able to collect and use email addresses only if members opt in. You must also have proof of opt-in (as defined in the regulations). If you have an existing mailing list, there are several options you could take to ensure compliance:

Delete the entire list and begin anew. (Easy, but not very practical.)

Attempt to separate EU members from non-EU members. (Could be difficult, and includes a risk that if you miss any EU members, you could face a fine.)

Ahead of May 25, email your list and have everyone on the list re-opt-in. (Best option.)

As companies update their privacy policies, they’re notifying their users via email. Look through your inbox; you’ve likely gotten several dozen over the past few weeks.

GDPR gives you the ability to control how businesses interact with you and handle your data. But there’s a bit of a catch: you need to read the notices and take control of your data.

Do you want to be tracked? Do you want to be forgotten? Do you want to download your data? GDPR is giving you the option to control the way advertisers interact with you, but it requires that you do some work. It’s easy to archive, delete, or altogether ignore these emails, but you should take the time to read them. A key component of GDPR says that companies must tell you, in plain English (not “legalese”), that you have options when it comes to your data.

In order to make those decisions, you need to read those emails and decide: Do I care about this? You can complain about retargeted ads following you around the internet after you looked at that pair of shoes one time, but that type of ad will stop only if you take action.

The data governance pendulum has swung to the far side. GDPR is going to be extremely hard to comply with, especially for American businesses that do only a small amount of business in the European Union. No one really knows how the European Union will enforce GDPR, who the GDPR police are, or how draconian they are going to be. This will reveal itself in the fullness of time.

For now, consumers should take advantage of the right to be forgotten, the right to control their data and their privacy.

For businesses, it’s time to get your data governance in order. The good news is that the internet is a big place, and you would need to be in extreme violation to even show up on the GDPR radar. The bad news is that if you do, the fines are insane.

As a consultant, I think I know what accountants feel like on April 14th. BTW, May 25th is also Towel Day. So the answer to GDPR may be “42.”
