Data Privacy Compliance: Is your business at risk?

Image: a laptop with an EU GDPR logo on the screen, illustrating data privacy compliance.

Data Privacy Compliance is suddenly at the forefront of most companies' plans. Most businesses will be aware that the legislation has changed (and is still changing). Some will also be aware that the data protection authorities have begun to fine non-compliant organisations.

On 25 May 2018, the European Union's General Data Protection Regulation (GDPR) came into force. It governs how organisations collect, use, store and process personal data. Almost a year on, many businesses remain unaware of its implications.

Who enforces GDPR?

Each EU member state has its own data protection authority. In the UK it is the Information Commissioner's Office (ICO), and it is not a job they take lightly.

According to a report published by DLA Piper (2019), in the eight months since GDPR came into force, 59,430 personal data breaches were notified to data protection authorities across Europe. In some countries the total was as low as 15; in others it exceeded 15,000. This demonstrates how varied attitudes to data protection, and to breach reporting, are across Europe.

The lion's share of the 59,430 notifications came from the Netherlands (15,400), Germany (12,600) and the UK (10,600). Businesses operating in these three countries should expect particularly close scrutiny.

Data Privacy Compliance. What’s changed?

Before 25 May 2018, around 350 breaches were reported per month. Two months later the figure had risen to 1,752. As dramatic as those numbers appear, there were very few fines in the first months of GDPR.

Yet it appears the grace period is over. In January 2019, Google was fined €50 million by the French authority (CNIL) for GDPR violations. This should serve as a wake-up call for every business that handles its customers' data.

Image: Google office in California.

The maximum fine for a GDPR breach is €20 million or 4% of worldwide annual turnover, whichever is higher. This is far greater than the largest fine available under the previous Data Protection Act (DPA), which was £500,000.

Who is most vulnerable?

It is not only the largest corporations who are being held accountable. A hospital in Portugal was recently fined €400,000 for a GDPR violation. In Germany, a small company called Kolibri Image was fined just €5,000. Businesses of every size are at risk.

Consent is one of the six lawful bases for processing personal data. It is typically relied on where no contractual basis or legitimate interest applies.

The changed rules around consent have been particularly challenging for businesses. The requirement that consent be freely given, specific, informed and unambiguous often runs counter to established practice. Marketers, in particular, struggle to obtain freely given consent.

Can you be sure your whole organisation is compliant with GDPR's rules on consent? Why take the risk? To avoid a devastating fine, not to mention reputational damage, sign up for a free trial with Consentua and start your journey to compliance.

If you would like to start a free trial call 02392 160640 or contact us at https://consentua.com

You are now a personal data guardian

Data controllers and processors are starting to realise that one implication of GDPR (General Data Protection Regulation) is that their role has been enhanced: they are now guardians of personal data.

What does this personal data guardian role mean in practice? Citizens and customers now have new rights, in particular the right to know what personal data of theirs your organisation processes, and the right to erasure (the "right to be forgotten"). Personal data belongs to the individual; while it is in your domain, you are its custodian and guardian, nothing more.

Organisation-wide impact

This change in responsibility for personal data has an impact across the organisation, because previously held norms and assumptions no longer apply. Trust is becoming ever more important, and brands that want to differentiate themselves are giving customers full control over the personal data they choose to share.

Protection

The key word in GDPR is 'Protection'. Organisations need to know what personal data is being processed and for which purpose. They also need to know where that data is processed, who has access to it and what they use it for. The Privacy Impact Assessment (PIA; under GDPR formalised as the Data Protection Impact Assessment, or DPIA) is the exercise that captures this evidence, and its output becomes the foundation for your consent service.

Not Just a tech thing

Compliance, however, is not all about technology. It is at least as much about training, culture change, process change and a more transparent relationship with your customers. GDPR is actually a massive business opportunity: a chance to engage, a chance to build trust in your brand, and a chance to earn permission to learn more about your customers, making them happier while improving your operational effectiveness.

Direct Marketing needs a fix

Direct marketing needs a lawful basis, and for electronic marketing to individuals that usually means consent under the ePrivacy rules that sit alongside GDPR. The previous regime of web tracking, buying email lists and mass targeting is over. Organisations now need to obtain consent from their contacts, customers and users before engaging them in direct marketing.

More interestingly, services and experiences built on intrusive personal data, such as precise location, will usually need consent as well.

Even more interesting is that people are willing to give their personal data to brands they trust. Trusted brands have engaged and motivated customers, which shows in the bottom line.

This is where Consentua comes into play. Consentua is a consent management tool.

Take your PIA output and map each data purpose onto the customer journey. Consentua then describes to the user, very clearly, which data is being used for which purpose, and the user can choose whether or not to give consent. Simple to deploy, even easier to use.

Use your own CSS and add whatever else you need to the web SDK to present a consent interaction that motivates your customers to trust you with their personal data.

Tell me more about Consentua

Consentua is made up of the following:

  • An easy-to-use dashboard for creating your own consent templates and accessing your dedicated, secure client consent service(s).
  • A secure, highly available data repository, connected to that service, which stores your users' consent receipts.
  • A set of SDKs for iOS, Android and Web through which the user interacts with the API.

Consentua is a consent hub: it gives an organisation a single consent repository that it can choose to share internally and externally. The consent receipt is the audit record that evidences GDPR consent compliance.
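To make concrete what a consent receipt has to capture for it to work as an audit record, here is an added example of a minimal consent ledger. It is not Consentua's code or API; the field names, the HMAC-SHA256 integrity check, the notice-version rule and the sample events are all assumptions constructed for illustration. It shows that a usable receipt records who consented, to which purposes and data categories, under which version of the notice and when; that withdrawal is a later event in the same ledger rather than a deletion; and that a check of "may I process this purpose for this person right now?" must honour both withdrawal and tampering.

```python
"""Illustrative consent-receipt ledger.

Added example; not Consentua's code. Field names, the HMAC signing scheme,
the notice-version rule and all sample data below are assumptions.
"""
import hashlib
import hmac
import json
from datetime import datetime

# Constructed key for the example only; a real deployment keeps this in a KMS/HSM.
SIGNING_KEY = b"example-key-do-not-use-in-production"


def _canonical(record: dict) -> bytes:
    # Canonical JSON so the MAC does not depend on key order or whitespace.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def make_receipt(subject_id, purposes, data_categories, notice_version,
                 timestamp, withdrawn=False):
    """Build one ledger event: a grant or a withdrawal of consent."""
    body = {
        "subject_id": subject_id,
        "purposes": sorted(purposes),
        "data_categories": sorted(data_categories),
        "notice_version": notice_version,   # which privacy notice the user saw
        "timestamp": timestamp,             # ISO 8601 with UTC offset
        "event": "withdraw" if withdrawn else "grant",
    }
    # Tamper-evidence: the MAC covers every field of the receipt.
    body["mac"] = hmac.new(SIGNING_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return body


def verify_receipt(receipt):
    """True only if the receipt's MAC matches its content (constant-time compare)."""
    body = {k: v for k, v in receipt.items() if k != "mac"}
    expected = hmac.new(SIGNING_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, receipt.get("mac", ""))


def is_permitted(ledger, subject_id, purpose, at, current_notice_version):
    """May `purpose` be processed for `subject_id` at time `at` on the basis of consent?

    Rules (assumed for the example): the latest valid event for that subject and
    purpose wins; a withdrawal revokes; consent given under an older notice version
    does not carry over to a changed notice; unverifiable receipts are ignored.
    """
    at_dt = datetime.fromisoformat(at)
    latest = None
    for r in ledger:
        if not verify_receipt(r):
            continue  # corrupt or tampered entries never count in the subject's favour
        if r["subject_id"] != subject_id or purpose not in r["purposes"]:
            continue
        ts = datetime.fromisoformat(r["timestamp"])
        if ts > at_dt:
            continue  # not yet in effect at the time being checked
        if latest is None or ts > datetime.fromisoformat(latest["timestamp"]):
            latest = r
    if latest is None or latest["event"] == "withdraw":
        return False
    return latest["notice_version"] == current_notice_version


def demo():
    """Constructed sample ledger: one grant, then withdrawal of one purpose."""
    ledger = [
        make_receipt("user-42", ["marketing", "analytics"], ["email", "behaviour"],
                     "v1", "2019-03-01T10:00:00+00:00"),
        make_receipt("user-42", ["marketing"], ["email"],
                     "v1", "2019-04-01T09:00:00+00:00", withdrawn=True),
    ]
    # An attacker (or a bug) adds a purpose to a stored receipt without re-signing it.
    tampered = dict(ledger[0])
    tampered["purposes"] = ["analytics", "marketing", "profiling"]
    return {
        "marketing_before_withdrawal": is_permitted(ledger, "user-42", "marketing",
                                                    "2019-03-15T00:00:00+00:00", "v1"),
        "marketing_after_withdrawal": is_permitted(ledger, "user-42", "marketing",
                                                   "2019-04-02T00:00:00+00:00", "v1"),
        "analytics_after_withdrawal": is_permitted(ledger, "user-42", "analytics",
                                                   "2019-04-02T00:00:00+00:00", "v1"),
        "analytics_new_notice": is_permitted(ledger, "user-42", "analytics",
                                             "2019-04-02T00:00:00+00:00", "v2"),
        "profiling_via_tampered_receipt": is_permitted([tampered], "user-42", "profiling",
                                                       "2019-04-02T00:00:00+00:00", "v1"),
    }


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'permitted' if allowed else 'NOT permitted'}")
```

The point of the version field and the tamper check is that a receipt is only useful as an audit point if it proves what the user was actually shown and has not been altered since; withdrawals are appended, never overwritten, so the history the regulator may ask for survives.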

Consentua provides a flexible consent service that puts you in control of the personal data being requested while remaining transparent to the end user and giving them real choice over how their personal data is used. This builds trust and allows an organisation to expand the purposes for which different types of personal data may be used.

To find out more about Consentua, go to consentua.com