Let’s Take Privacy Seriously This Time!
Protect data more securely and gain from it
Ultimately, taking the GDPR seriously and implementing its regime in a structured and effective manner will provide a prize that has, to date, eluded many of the major players online: trust.
Prior to the GDPR, member countries had to work with laws from 28 member countries. This meant that a patchwork of regulations was in play, and companies had to have employees who could grasp the implications of laws across all the countries. Keeping up was difficult, and legal department costs were running high for serious companies trying to comply with each country’s regulation. On the other hand, less serious companies based in one country but doing business in another would make the argument that they didn’t have to obey local online privacy laws. The GDPR effectively changes this argument by applying to any business that has customers in any one of the member states. The new law also applies to companies from outside the European Union selling their products and services to European citizens in their respective countries. And if these outside companies don’t comply with the data protection law, they can be fined and their services or merchandise blocked by customs to prevent them from doing business inside Europe until they comply.
Citizens’ personal data has thus far been protected by numerous laws across different countries and, frankly, its privacy has not been taken seriously. The GDPR will change that. Now, firms will need to take extra care about how they collect personal data, obtain consent for it, store it, and use it.
Plus, this regulation will actually encourage firms to consolidate personal data into a unified platform, so that they are able to easily locate it, anonymize it if needed and report on it. This is what insurance companies call the golden record or a Customer 360 view. This presents a unique opportunity for businesses to better respond to customer requests, engage with customers in the ways they prefer, and ultimately innovate while also complying with the data subjects’ rights to know how their data is used or whether it has been deleted.
Avoid bad PR
When data is kept behind strong security measures, thieves can’t get to it. And, when thieves can’t get to valuable data, there can be no security breach. No security breach means that there’s no bad PR to be had. Sure, it’s a simple concept, but inconsistent data protection rules across different countries made it harder for companies to be effective in keeping data separated and secured.
Now, data can be kept under lock and key because there’s no need to separate it among different servers in an attempt to comply with different regulations. Stopping data breaches before they happen is much less difficult under the GDPR.
Ability to report to one agency
Investigating a data breach has been a difficult process because each country has its own rules and enforcement agencies to fight cybercrime. It was difficult to figure out which agency did what, especially when the crime occurred across borders. Each sovereign state had to work with the other and hope that they could meet in the middle. Now, a lead authority in each state has the legal right to take action and to work with local authorities on the matter. It centralizes the reporting process and makes it easier for everyone to work together, no matter what country they’re in. You report to the DPA – the European Data Protection Authority.
Trust and bottom line
These are some of the ways the GDPR is going to benefit businesses. Compliance is never easy, but the changeover to a single set of rules is beneficial to everyone in the long run, since there have been too many data breaches compromising consumers over the last couple of years. Implementing Privacy by Design and/or Encryption to obtain GDPR Certification is not only a question of keeping the personal data secure; by showing the certified logo on your website you also build trust between your company and the consumers.
At first sight, the GDPR just becomes a simple regulatory pressure on companies to do the right thing. But for those who can invest in, and more importantly truly demonstrate, high levels of security, there may well be a greater prize.
That prize is the possibility of creating an environment in which their customers’ trust is reflected, not just in a warm glow, but in the bottom line as well.
NOTE: The SWISS EU US PrivacyShield.gov has nothing to do with compliance under GDPR. This is moreover an agreement between the Swiss Data Protection Agency and the US in order to try to find a loophole around the actual EU GDPR privacy laws for American businesses who want to sell to Europeans. However, Switzerland is not a member of the European Union! Furthermore, their offering of Self-Certify must not be taken seriously. Only 3rd party GDPR Certification and documentation based on ISO 6005 or similar processes, including Privacy by Design and potential encryption, should be recognized to assure data subjects of the highest possible compliance and protection under the EU General Data Protection Regulation. Let’s take privacy seriously this time! There have been too many big breaches of personal data in the USA over the last years, and let’s never forget EQUIFAX!!! Giving corporations rights to self-certify is like letting the wolf watch over the lambs… Here is the framework: www.commerce.gov/news/fact-sheets/2016/02/fact-sheet-overview-eu-us-privacy-shield-framework – NOWHERE does it come even close to mentioning the specific rights of EU citizens laid out here, “Know Your Rights!”, and nowhere does this fact sheet mention that specific consent must be given and can be withdrawn just as easily. This is not about handling complaints; this is about handling privacy and simple requests from the data subjects about how their data is used. That’s not a complaint before its misuse! Nor is there anything in this fact sheet about the FINES to US Corporations!
GDPR Watchdog will challenge the companies listed under PrivacyShield.gov to deliver accountable information to the data subjects (EU Citizens) after May 25th 2018. We will report back on that in our daily newsletters, so sign up!
There will be kicking, screaming and evasion in the short term, but GDPR will become a gold standard in business and that compliance will more than pay for itself. In any case, where’s the harm in being able to show your customers you are an honest actor when it comes to protecting their Privacy! – statement by Jan Vistisen, founder of GDPR Watchdog.