“Data Protection” *snoring sounds* “Up to €20 million fine” *wakes up, spills coffee*

You may have noticed that social media and other apps have been updating their Privacy Policies over the last few days, with the updates taking effect on 25th May. The companies themselves have touted the reasons as ‘giving you even more control over your data’ and ‘increasing privacy’. But we know by now that the largest social media companies lie to us. Unsurprisingly, the real reason the companies are updating their Ts & Cs isn’t scandals like Cambridge Analytica but the General Data Protection Regulations (GDPR), which come into effect on, you guessed it, the 25th May.

[Side note: if you want to watch Mark Zuckerberg, the creator of Facebook, use his massive IQ to talk his way out of the Cambridge Analytica crisis in Congress, you can check out the key points here.]

The GDPR replaces the original EU Data Protection Directive and, once again, these regulations come directly from the EU. They set out six broad principles. Personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to the data subject;
  2. collected for specified, explicit and legitimate purposes;
  3. adequate, relevant and limited to what is necessary;
  4. accurate and, where necessary, kept up to date;
  5. kept in a form which permits identification of data subjects for no longer than is necessary;
  6. processed in a manner that ensures appropriate security of the personal data.

These principles are so onerous that every company which handles customer data should be wary of the penalties for a breach (fines of up to €20 million or 4% of turnover). Here are some things to think about in the next month:

  1. What customer data is held? Is there a process for removing it once the data is no longer needed?
  2. Take a risk-based approach: not all data is equally sensitive.
  3. What third-party contractors do you share customer data with? Are they GDPR compliant?
  4. What will you do if there is a personal data incident?
  5. Are all employees up to date on the Regulations?
  6. Determine whether you require a Data Protection Officer.

Maybe this is a storm in a teacup and, like other EU Directives, it fizzles out. Alternatively, maybe the Regulations have some teeth and customer data is protected better than in the past, such as here, here and here. Either way, whether you run Facebook or a side business on the weekends, the GDPR will necessitate up-to-date systems to deal with the new data handling landscape.

Nothing on this site should ever be considered to be legal advice or research, but if you do wish to receive advice on any of the content discussed, please contact us on 028 3752 5400 and we will be happy to help you. Please note that whilst we will aim to provide accurate information, the world changes at a fast pace, so always follow up with your solicitor to ensure you are fully up to date. For complete Terms and Conditions please see the relevant section of our website.
