In the wake of the Cambridge Analytica/Facebook scandal (where 87 million users’ data were acquired for political purposes), personal data has yet again become a diamond in the eyes of media. And with GDPR being about one month away, it is time to really discuss who can access personal information and for what purposes.
Today, it is not uncommon to receive an email from a business one has never even heard of, which has obviously obtained names and data from other companies – the personal data miners or data brokers, as they are called. These matters can be annoying rather than harmful.
But… What if data brokers sold information to universities, hospitals or recruitment companies, for example? This could lead to people being denied medical treatment, losing a job opportunity or not getting into an educational program because these institutions have received indications that the person in question won’t be able to pay, or has ended up on a record of drug users. That’s where trading in personal information becomes harmful.
Who is collecting your personal data?
For a long time, selling personal data has been quite a secret world. And a very lucrative one at that. Some have even compared personal data to “the new oil”, seeing as there is a fair amount of money to be made trading this information.
An article published by the magazine Newsweek estimates the number of companies buying and selling personal information in the US at between 2,500 and 4,000. However, there are no statistics on what the data is being used for.
An opinion piece published by CNN recently stated that surveillance capitalism, as practised by companies like Equifax (which was in the news a year back for a big cyber attack), is able to work because of companies like Google and Facebook. If a person gets a service they’re not paying money for, they are surely paying in another currency when they accept the terms and conditions.
The responsibility of corporations collecting personal data
It is not only the tech giants that gather personal data; every company with a customer base does it. No matter its size, a company collecting personal information needs to take its responsibility. There is no debate or argument about that.
The bigger question is what a corporation can do to meet the privacy regulations. It needs to be understood that personal data is an asset, and at the same time a liability. The GDPR can be viewed as a fire extinguisher for personal data moneymaking, because there are now hefty fines to expect if personal data is not handled correctly.
Small offences could result in fines of up to 2% of a company’s global turnover (or €10 million). Larger offences with more serious consequences can result in fines of up to 4% of the global turnover (or €20 million). This way, companies are scared straight into keeping confidential personal data secure.
Personal data privacy in the USA vs Europe
As KPMG has described the situation, GDPR is not a “tick-box exercise”. To make sure private information is kept safe, it matters where companies and servers are located. First, there is a difference in mindset between American and European companies. Second, there are different regulations on the different continents.
With the statement that privacy and data protection are both fundamental rights, the European Union has decided to make sure that its roughly 510 million people will now have the same legal and digital framework. Therefore, anyone working with companies that keep information about citizens of the European Union now needs to comply.
According to the GDPR, data transfer to a third party outside the EU that does not have adequate data protection standards is only allowed under exceptional circumstances. Therefore, a server located in Europe (or in one of the other 11 countries that meet EU standards) is crucial.
One month to comply with GDPR
GDPR goes into effect on May 25th, with a focus on permission and transparency. The General Data Protection Regulation means businesses have about one month left to comply and get in line; they will no longer have the right to handle European user data as they wish. The GDPR will put obligations on data controllers, forcing them to explain to people what personal data they aim to collect and why.
This regulation is supposed to help users better understand the ways they are surveilled online by emphasising consent, control and clear explanations. It leaves the common person empowered and in charge of their own data, while companies will need to adapt.
DiliTrust helps you comply with GDPR
DiliTrust is the leader in governance solutions and has its servers located in Europe and Canada. You can therefore trust us to comply with the EU’s new regulations. In addition, with the DiliTrust software solutions you can easily manage and share all your new routines and guidelines anywhere, at any time.
Contact us today to find out how we can help your business adapt to the new data privacy regulations.
To continue reading about this matter, carry on to our article “Three stages when welcoming the GDPR”.
Click here to read all 88 pages of the EU GDPR legislative act from 2016.