Enterprises still unprepared for new European Union data regulation

New EU rules on data privacy come into effect this month.

With the General Data Protection Regulation (GDPR) set to go into effect on May 25th, 2018, many organizations are scrambling to ensure their compliance with the law, while many are unlikely to have compliance sorted out in time.

The Israeli regulations outline the duties of all companies and non-profit organizations operating in Israel and running or processing a database which contains personal information.

With GDPR, wealth management companies will need to provide customers with a mechanism to easily give or withhold consent for the use of their data. This process needs to clearly and unambiguously state how consent is given and how any data acquired will be used. Under Article 33, the GDPR requires that "data controllers" provide 72-hour notice of a "personal data breach" to the appropriate "supervisory authority", but this notice is not required if "the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons". Affected parties can also file for damages in civil suits in Israel. The chief focus of these regulations is to protect the collection, use, and transmission of the personal data of people while they are physically within the EU.

"GDPR is raising the importance of privacy and data sovereignty in the enterprise", said Gagan Gulati, Principal Group PM, Microsoft Corporation.

Ann Cavoukian, a former Ontario privacy commissioner now at Ryerson University in Toronto, says Facebook had also considered separate policies for European Union and non-EU markets before the Cambridge Analytica "debacle". Recent significant data breaches serve only to remind us that organizations must start to take the security of their data extremely seriously. In August, a total of 43 percent of respondents expressed absolute confidence in their full compliance with the rules, while only 16 percent had said the same in April. Personal information is anything that can be used to identify the user, either directly, such as a phone number or social security number, or indirectly, via a cookie ID or device ID.

One clause of Oath's Canadian terms of service, in particular, outraged consumers when they discovered they were consenting to allow Yahoo to use the email addresses and phone numbers of friends and other contacts.

Ensure you're aware of what information you are capturing from individuals. In addition, there are written consent requirements for sensitive personal data as defined by the regulations, and data subjects have specific rights they may exercise to inquire about their data. "And I think the same thing is true of the GDPR". "You will need to know this so that you can explain to European individuals which data of theirs you are collecting as well as how you use it". GDPR requires companies to demonstrate a lawful objective for any collection and sharing of personal information.

Hypponen notes that reactions from users in the European Union echo sentiments such as "Our freedom is more important than their business", and "This weeds out trashy websites", while users in the U.S. are voicing opinions such as "This should teach those smug European Union regulators a lesson".

"It's the exact opposite of what happens now", Cavoukian said.
