SMEs more anxious about GDPR's threat to reputation than fines

Ruben Fields
May 16, 2018

USA -based social networking company Snap has reported in a recent blog post that it's compliant with the E.U.'s General Data Protection Regulation principles (GDPR).

The GDPR sets forth certain core principles for data collection, processing and retention, which will require covered businesses to adopt and implement policies that apply at the outset of receiving Personal Data from the data subject or other sources.

Some companies are transforming this pragmatic decision into a marketing advantage, telling their USA clients they are offering European-level data protection, said Pfeifle. A major difference is that a business will risk paying fines of up to 4% of annual global turnover, or €20 million.

In contrast to USA privacy laws that tend to cover specific kinds of personal data (e.g., healthcare, financial) the GDPR covers all personal information relating to an identified or identifiable individual.

GDPR also forces Google to address tools for children. Like any new regulatory obligation, the GDPR appears at first glance to be a constraint, particularly given the amount of sanctions foreseen in the event of a breach: up to 4% of the company's global turnover or Euro 20 million.

"Companies that have to be compliant under the GDPR should think already about the Cayman Data Protection Law, which is very similar". Today's tech-conscious consumers only want to work with the most trustworthy data handlers, and the GDPR allows them to call the shots louder and with more influence than ever before.

Facebook has recently begun asking its European users that they approve the use of their data in order to provide them with more pertinent advertisements as well as permission for facial recognition.

Rare two-headed deer found in forest
After the study wrapped up, the twins were preserved by Robert Utne and taxidermist Jessica Brooks to create a realistic display. A CT scan and MRI were conducted and revealed the fawns had two separate head-neck regions, which rejoined along the spine.

For now, its location products are real-time focused, but the company has hinted that in time there may be location-based products or features that require users to opt-in for new data to be collected or stored for a longer period of time. However, many healthcare providers and organizations outside in the United States have not become acquainted with these requirements and how it will affect the industry.

Facebook chief Mark Zuckerberg himself conceded the GDPR's importance after research firm Cambridge Analytica plundered the personal data of tens of millions of the social network's users for the 2016 USA presidential election.

"By negotiating the possibility of data transfers outside Europe we are in fact pushing other countries to increase the standards", Jourova said.

Similarly, as more health and credit records move into the digital realm and the Internet backbone, such records have also ended up being hoovered up by nefarious actors - from organized crime to unscrupulous companies to repressive governments, used for blackmail, character assassination, electoral fraud or outright theft. In general, an organization may collect and process personal medical information only if it is necessary for patient treatment and diagnosis, and with the explicit consent of the patient. In such a case, these recommendations may soon extend to those operating without any European Union customers, especially in the current context of data breaches and insufficient privacy features. It covers personal information and activities taking place within the European Economic Area, even when the party processing the personal information is not located in the EEA.

Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. Organizations must have taken appropriate measures, both in terms of IT infrastructure and organizationally, to prevent personal data from being processed without authorization and to protect against loss of data.

For data that is collected, one of the other aspects of GDPR that has impact is the anonymization clause. Documenting these audit results may be useful in demonstrating compliance with the rule.

In addition, the new regulation will change the game, particularly in destination brand marketing and advertising for medical tourism companies.

Other reports by

Discuss This Article