General Data Protection Regulation

By admin April 10, 2018

1. A little concern for online users

As you all know, the world has neglected our online security. Many organizations and companies are not responsible enough to create a secure place to store our personal and professional data. Our documents now travel around the web via email, where they are certain to get lost and be used by cyber criminals. This is a BIG mistake!

In addition to this, our consumer rights are not respected. Websites monitor our movements with binoculars. They study us, our psychology and our behavior. They manipulate us and intrude on our minds without us being aware of it. By being inattentive, we are also making our “fingerprints” available for sale to third-party companies when visiting any kind of website. We now need to take action by reading their Cookie & Privacy policy.

But don’t worry, the European Union ‘found a solution’ to solve this critical issue. A new General Data Protection Regulation (EU GDPR), adopted on 27 April 2016, will take effect from 25 May 2018, with the sole aim of protecting our information from being misused. Unfortunately, the adaptation period is giving two years of freedom to reckless email recipients and online criminals to leave a mess behind them and carry on with their dirty activity.

2. GDPR: Good for users, bad for companies?

While we understand the necessity of protecting our personal data online, many companies are still not aware of this new regulation. In fact, many professionals still don’t understand the purpose of this new regulation and why it has replaced the “Data Protection Directive”.

Moreover, online GDPR training is not free. Companies should be prepared to spend between 140 EUR per day and 400 EUR for the full online training. The other “inconvenient” solution is to recruit a Data Controller or a Data Protection Officer, depending on the amount of personal data that companies are processing, to ensure internal compliance.

In this case, they should budget approximately 30,000 EUR per year for someone to manage their clients’ and employees’ data protection, with a full compliance background and a solid understanding of this specific legislation. Could that be a better option? Finally, organizations need to be aware that the penalty can be colossal if they fail to take the necessary measures for our security. According to the GDPR portal, if they are found guilty of breach of trust, the fine can go up to 4% of annual global turnover or 20 Million EUR.

3. What can you do, as an individual, to protect yourself?

  • Make sure companies and other organizations don’t send your data via email. The documents must be uploaded to their online portal, where you can download them at your convenience.
  • If they do not have online software for this, you will need to password-protect your documents and send your password in a separate email. If you send a protected file and the password in the same email, the encryption will be useless.
  • Do not provide any bank details or documents via email. You should have the option to include and/or upload the needed information yourself in their online portal.
  • Companies & organizations should give you the right to erase your personal data. Make a request in writing, and keep a copy for your records. You should receive a response from them within one month of receipt of your request.
  • It is not your responsibility to do this, but it’s always a good idea to tell organizations that process your personal data about the new General Data Protection Regulation. Don’t forget to include an “FYI” link to the official EU GDPR when sending them an email!
  • In case of a security breach, organizations must notify you within 72 hours and mention the type of data involved, so you can protect yourself against potential identity theft. Make sure they are aware of their responsibilities before providing them with any type of information.

4. Online Server for your data storage

You might want to find out where companies and organizations store your personal data. The GDPR applies to organizations located within the EU as well as to organizations located outside of the EU. For better control, their data storage should be located within the European Union.

It might be possible that countries such as China or Russia, which process large amounts of data outside of the EU, have different regulations, so make sure you understand these regulations before making any online purchase or providing them with your personal data.

You can contact the International Consumer Protection and Enforcement Network if you are unsure about your consumer rights.

In the meantime, if you are looking for an easy way to store your data, is a great tool I can recommend for your company. This user-friendly program provides multiple options to store personal documents and if you run out of space, don’t worry, offer extra storage — this way, you won’t need to get rid of all your important documents.

Thank you for reading!

Laura KOCH