Data Protection – A better understanding
The recent headlines have caused many to rethink data protection and online behaviour. For example, how many privacy policies have you read from start to finish? More importantly, if you have, do you understand them? If you haven’t and you can’t, will your customers understand how you handle their information? There is a need for a simplified clearer format; something planned for in the new EU Data Protection Regulation. The council are striving for a workable and enforceable solution.
In August this year, over 2 million mobile phone customers discovered a data breach. This was not an isolated event. Breaches dominate the headlines for a few days, but does anything actually change in light of these occurrences? The new directives intend to put protection in place from identity theft. If a company has data breached, if feasible, they must now notify the national supervisory authority within 24 hours.
Higher standards of control
All companies using contact data will have to meet more controlled standards. Moreover, regulation is likely by the end of this year with the directive following on; it will affect all 28 EU member states but also any trade agreements with other countries which include GDPR regulations as part of the trade. Even if the rules may be a couple of years away, most companies with large databases of information will need to do some comprehensive preparation.
Consent forms will have to be available on request for the Information Commissioners Office (ICO) to inspect. There will have to be proof of consent and that means storing permission forms in various formats. Consumers will be able to deal with a single national data protection authority in their own country, regardless of who is processing their data and be able to transfer from one service provider to another more easily.
Preparation will lessen the impact
Existing databases are likely to need upgraded permissions from consumers as existing data probably won’t satisfy new regulations. Furthermore, one consent form will not allow for a flood of advertising. Also, it is likely that new permissions will be required for each new use of data for marketing purposes. The EU Council and Commission want all consent to be based on an unambiguous basis. Also, every company will need to have a data removal system for customers who wish to remove their details, due to the right to be forgotten; emphasis will be placed on this being done quickly and easily for the consumer.
For companies who do not comply, fines are likely to be imposed. With sanctions being considered as a calculation of gross annual turnover, it could work out to be a very costly mistake.
The regulation applies if the data controller or the data subject is based in the EU. The Regulation also applies to organizations based outside the EU if they process personal data of EU residents. According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, or personal posts on social networking websites, medical information or a computer’s IP address.”
The benefits to business
“Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds, the protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data.
My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information.
Viviane Reding, EU Justice Commissioner, the Commission’s Vice-President
The new data protection directives will be challenging but not without benefits. If approached positively, a managed database updated regularly and well managed could lead to better relationships with end users and create a more accurate information base. Strong relationships with end users could potentially form. The intention is to actually cut costs and bureaucracy to business and with a streamlined, real time accurate database; marketing may finally hit the right spot. The time to prepare is now are you ready?
Jill Wells, Posted 15/09/2015