
GDPR is here, where are you?

Submitted by Marcello Evangelista on February 23, 2018

Let's understand what General Data Protection Regulation (GDPR) is and how important it is for users' privacy.

EU GDPR

User privacy and network neutrality will certainly be among the most important issues of the coming years for everyone, users and companies alike. With so many new technologies emerging and with the size and reach of the internet, it is understandable that these themes are gaining attention from society, the mass media and world politics.

The European Union is undoubtedly one of the most important and relevant entities when it comes to data protection policies and user privacy. GDPR (General Data Protection Regulation) is the European Commission's latest step in addressing how companies (especially those involved with media and advertising) use, control and resell our private data and information.

The regulation was proposed in 2012 in the European Commission, responsible for legislation within the European Union (economic bloc formed by much of Europe), and aims mainly to improve the privacy of Europe's residents. It took about 4 years to finally be approved, in April 2016, but it only comes into effect in 2018, giving major portals and online services time to adapt.

Recall that the European Union is already known for its very incisive decisions, always aimed at protecting its residents from large corporations, such as the decision to allow people to ask search engines to have their names and data removed.

Who will be affected by the GDPR?

Although the legislation is made for the European Union, it can be beneficial to users around the world for two reasons.

The first reason is that large companies, such as Facebook and Google, will have to adapt to the new laws if they want to remain active on European soil. Since this is a crucial market, it is unlikely that companies of this size will ignore such a decision.

If this compliance weren't enforced in so many countries at the same time, companies might simply prefer not to make their sites available in some specific locations. That is not the case here, since the GDPR will be applied across the whole European Union.

As companies will have to adapt data and business policies to remain active and compliant in Europe, it will be much easier for similar improvements to be made in other countries. This decision can profoundly affect how we view data privacy and control within the internet.

The second reason is that GDPR will have a global impact sooner rather than later. Even though it is only applicable within the EU, we will see similar movements in the future from other economic blocs or major economic powers such as the US and China.

GDPR's scope and consequences

Amongst several changes, the new standards expand citizens' rights to access, update and erase their personal data (Right-to-be-Forgotten), and this will apply even if data processing does not occur in a member state of the European Union. They also require data controllers and processors to implement technical measures and processes to protect personal data, and they limit and define the specific circumstances under which personal data may be collected and used. This is an effort to increase transparency about data usage and collection.

Companies will have to prove that they have adequate resources to ensure compliance and will have to report data violations to supervisory authorities and customers. Upon failure to comply with the rules, fines of up to €20 million or 4% of the total turnover of the previous year, whichever is greater, will be applied. In addition to financial penalties, it is important to think about the possible public relations consequences for the companies involved in such incidents.

Countries outside the EU will also be evaluated to determine which are reliable enough to store data or provide services to the group. As a result, many companies that store European data or have a business relationship with European Union countries will have to adapt and align their procedures with the new regulations. Any company that does this will have a great competitive advantage.

Conclusion

Standardizing so many procedures is no easy task, and in reality, only a few companies are ready for it. But from the security point of view, GDPR is a great opportunity for companies to reconsider their security and data protection processes. Meeting regulatory requirements means implementing long-overdue processes and technologies. It also means that companies will be forced to handle security more responsibly, and in the end, both the consumer and the corporation itself stand to gain from it.

We, as an open-source company, see GDPR as a great step toward a more transparent relationship between data processors and data owners.

The compliance effort does not need to be complicated; it needs to be precise.

If you have any questions or want to talk about how our solutions can help your company with GDPR and much more, let's get in touch: marcello@olindata.com.