A few days ago, a European watchdog group filed a privacy complaint against Google, using the EU’s new General Data Protection Regulation (GDPR) as the complaint’s umbrella. While data privacy and protection are not new debates, the European regulation has taken data privacy to new levels.
Tech giants are struggling to meet those levels, despite the regulation taking effect in May 2018.
Google is under fire for manipulation and unfair use of its location settings in order to target advertising, which most businesses may dismiss as "not our problem." In fact, data privacy regulations are every business’s problem. If your website uses cookies, it’s your problem. If your website sells anything, it’s your problem. If your business collects any information about users, it’s your problem.
Even businesses that are strictly US-based need to be aware of the regulation and of how they can be found liable.
The basic tenets of EU data privacy
With watchdog groups scouring the internet for violators, every business must take reasonable measures to protect itself. But protect itself from what? Below are the basic tenets of data privacy according to the EU.
1. Obtaining consent. Every user must be informed, in clear terms, that their data is being collected. Consent must be freely given and can be withdrawn at any time.
2. Timely breach notification. Gone are the days when companies can take months to notify about data breaches. According to the regulation, a business has 72 hours to inform their consumers.
3. Right to data access. Every user has a right to access the data a business has stored on them. In the report it provides, a business must state how it is using an individual’s data.
4. Right to be forgotten. Any user, after receiving a report of data stored, can request to be deleted from a business’s system. In other words, a user can request to be entirely wiped away from a business.
5. Data portability. A business no longer owns data on users. Rather, a user has the right to their own data, which means a user can allow any business to use another company’s data.
6. Privacy by design. A business must set up their system to collect and store data correctly with the proper security protocols.
7. Potential data protection officers. The regulation may require additional staffing if the business is designed to collect data or is of a specific size. This is one aspect of the regulation that is not a requirement for all businesses.
Who is affected by the EU’s regulation
Just as when the regulation rolled out, there are strictly US-based businesses that consider the issue not their problem. Unfortunately, that is not accurate. How are US-based businesses affected?
Unfortunately, GDPR affects your business if any visitors to your website are from the EU.
Websites use cookies to provide information. If a business uses Google Analytics, or any other tracking mechanism, the website is collecting personal data. An individual does not need to be a customer providing personal or financial information. Just visiting a website is enough for the EU’s regulation to apply.
Luckily, most websites made appropriate adjustments by adding automatic cookie warnings that require acceptance.
Global world, interconnected business
The world has become a much smaller, interconnected place. As a result, regulations passed in other countries affect businesses around the world. In the case of GDPR, all aspects of data withholding are affected, whether mobile, website, or purchasing.
Therefore, it’s particularly important for a business to partner with vendors who are knowledgeable advisors in a global setting.
Luckily, MobileWare provides mobility management services on a national and global scale. Even if your business does not operate globally, we have the knowledge and expertise to advise and strategize through any regulation or business impact, including data privacy.