GDPR - The Canary In a Privacy Mine. Is Your Company Ready?

In recent years privacy regulations are springing up like mushrooms after the rain - GDPR, PDPA, CCPA to name just a few. Ever since the Cambridge Analytica scandal our personal privacy has made the headlines. And the governments reacted. The story started in Europe with GDPR regulation that inspired the rest. Now let’s take a quick look at it and how it affects your business.

What is GDPR?

GDPR stands for General Data Protection Regulation. The primary goal is to protect personal data of European citizens from being used without their permission. The secondary goal is to create a level playing field for both multinational and local companies.

Why should you bother?

If you are doing business in EU or have just one EU citizen in your database, by law, your company needs to be 100% compliant with GDPR. Another way to think about it is this:

in life and in business, golden rule applies – treat others the way you want to be treated.

For example: Would you like to have a telemarketer call you at 8 pm when you are having dinner with your family? Probably not. How can this happen? Because some unscrupulous companies can potentially sell your personal data. Treat your customers the way you want to be treated. Regard their personal data as sacred and only use it for purposes they gave you their consent for. Your business will boom, customers will respect your brand and you will be 100% GDPR compliant.

What if you still don’t care about GDPR?

If you don’t bother with GDPR, chances are that people, companies who represent them or data protection authorities in EU states can file a complaint against your brand. Just 12 months following the GDPR legislation there were 144,376 queries and complaints and 89,271 data breach notifications resulting in 446 investigations. More than two-thirds of these investigations were initiated by people just like you and me. They complained about telemarketing calls, unwanted promotional e-mails and suspicious video surveillance.

What are the fines?

Germany - Social network operator was fined 20,000 € for failing to secure users data France - Google was fined 50 million € for lack of consent on advertising Poland - A data brokering company was fined 220,000 € for failing to inform citizens that their data was being processed by the company Latvia - A sports betting cafe was fined € 5,280 for unlawful video surveillance As you can see the fines are between 5,000 to 220,000 €. They can go up to a maximum of 20 million € or 4% of the company's worldwide revenue.

How should your business handle personal data?

All personal data your company gathers must be processed with care. Here are the 9 principles set up by the European Commission to guide you in your journey to become GDPA-compliant.

Where does Meiro stand in the world of GDPR?

As both data controller (a company that controls the data and its usage) and data processor (a company that processes data given to them by data controller), we take GDPR very seriously. Here are a couple of things on how we can help you in your data controller role:

• Draft for you the choice of consent for your customers in clear, concise and understandable manner
• Implement proper security measures when you collect data via website, social media, ads or cookies
• Give you expert advice on cutting edge technologies for data collection and management
• Set up military grade security for your sensitive data
• Minimize data extraction to just what you need and boost your compliance as a direct result
• Create Data Map to easy visualise data structure in your company, very useful in case your customer wants to delete their data
• Set up Data Breach Notification System to automatically notify any wrongdoing

As a data processor, we fully understand that you own and control every byte of data you entrust to us. Here are the rigorous measures we take to make sure of it:

• Your data is always 100% under your control
• You can store it wherever you prefer - on your company server, in private, local or public cloud or even offline
• We will process your data based on your specific instructions and workflows
• We can return and remove all personal data you have given us, when our contract expires or when you choose to do so
• Create all the necessary data compliance documentation, so you're off the hook in case the official audit comes
• Triple lock security for your most private and sensitive data - access is based on user hierarchy; only master user will see the sensitive data and has the ability to export it
• Swiss bank level of confidentiality policies and data workflows

Meiro meets GDPR

The world is changing. GDPR is the canary in the coal mine. A harbinger of an era where customers demand more privacy and transparency with regards to their data. Other countries already follow suit - Singapore with PDPA or California with CCPA. At Meiro we are always one step ahead. We believe in transparency and openness. Our customer data platform is a trailblazer that shows you how personalisation and privacy can co-exist side by side. To us, privacy is the future and we welcome it with open (and compliant) arms.