After the Cambridge Analytica and Facebook affair, there seems to be an uprising of users everywhere asking important questions. How is it possible for major companies to collect personal data from social networks and use it against users’ will? What would’ve happened had the Analytica whistleblower decided not to out his company’s misdeeds? Would we have continued recklessly throwing our personal data in big corporations’ faces? The answer is actually no.
It seems that the European Union (EU) foresaw this issue and adopted a regulation in 2016 that is key to stopping corporations as well as individuals from using personal data without prior notice. We present to you GDPR.
What is GDPR?
GDPR, or the General Data Protection Regulation, protects the circulation of EU citizens’ personal information inside companies. Every organization, inside the EU or outside, that uses data of EU citizens will have the responsibility to protect its users’, clients’ and employees’ personal data. That includes names, phone numbers, IP and MAC addresses, GPS, RFID tags, cookies etc.
Some of the most important requirements are obtaining the data subject’s consent for data processing, providing data breach notifications and safely transferring data across EU borders.
As of May 25th, 2018, the EU will not tolerate anything out of the norm. It is obligatory to follow the GDPR and prepare your business on time; otherwise, there are going to be extreme punishments.
First of all, your current state of compliance with the regulation will have to be checked. The experts in charge will estimate the resources necessary for achieving full compliance.
After that, you will have to review any business activity that uses personal data relevant to the GDPR. If any risks are discovered, the organization in question will have to react and take action immediately. All of the owners of the misused data are to be informed immediately.
One of the main changes from the former regulation is that from now on every organization must have a DPO (Data Protection Officer). They will be responsible for keeping tabs on all user data: documenting, communicating with the owners and contacting persons or companies on matters of privacy.
The only way to be quick and effective with implementing the GDPR is to invest in technical protection measures. It must be possible to report any type of violation within 72 hours and to enable owners to see, change and/or delete their data.
Sanctions and repercussions
There will be regular periodic data protection audits. If the mistakes appear to be unintentional, the organization will be issued a warning in writing. Depending on the article violated, the fine could start from €10 million.
How will this affect social media?
There is no need to worry about major social networks such as Facebook, Twitter, and LinkedIn. They are going to have the privacy settings built into them. The bigger issue is going to be advertising and marketing in general. To get to its targeted audience, a company needs to have a clear view of a client’s personal data and their consent to use it. Since every business that cares about its clients uses social media to reach out to them, proper education on this matter is necessary. The contracts have to be simplified and straight to the point.
The perfect example of the influence of GDPR is going to be the changes in digital marketing. Every new visitor will have to give their consent to browse a page, which is going to affect the analytics department heavily. You are familiar with “cookies”, but this is something a bit more complex. It’s going to take a lot of creativity for web developers to make this transition as simple as possible. Remarketing is also going to take a hit from GDPR, since ads can be suggested only to those who checked the “consent box”.
All the preparations for the Regulation have to be carried out by May 25th, 2018, when the two-year transition period ends. It is crucial not to take this lightly. You really don’t want to give up large sums of money out of your own pocket for not following one of the articles.