Why the GDPR is important for our business
This blog post explains why the EU is introducing a uniform data protection regulation and what that means for all of us.
One term that has come up repeatedly in recent years in connection with European economic policy is the internal market.
In terms of purchasing power, the European internal market is the largest single market in the world. As a result, we are able to set globally important standards for consumers: producers that operate globally have to adapt their products to the regulatory requirements of the largest single market, and overall quality rises as a result. There are European standards in many areas, such as the important agricultural sector. If I want to sell my spreads as organic ("BIO") in the EU, I have to comply with the European organic regulation, but then I can, in theory, sell my spreads throughout the EU.
What is obvious to everyone in the physical world is somewhat more complex in the digital world. For the big advertising-based internet companies such as Google or Facebook, our data and keywords are the product sold to advertisers. The handling of this data is subject to national law and is regulated differently in each country. In addition, a company may rely on the DPA (Data Protection Act) of the country in which it is established. In the well-known case of Max Schrems against Facebook, this was also the reason why an Austrian student had to assert his data protection rights before a court in Ireland.
It is clear to everyone that this situation is not sustainable in the digital world. This is why the EU has undertaken to harmonize these many national data protection laws in a new, uniform regulation, the General Data Protection Regulation (GDPR). This regulation will enter into force from May 2018 onwards and aims at an EU-wide harmonization of data protection laws.
The aim is to create a single internal market in which the processing of personal data is the same everywhere.
The principles of this data processing are described in Article 5:
1. Transparency: Personal data must be processed lawfully, in accordance with the principle of good faith and in a manner which is understandable to the person concerned.
2. Purpose: Data must be collected for established, unambiguous and legitimate purposes and may not be further processed in a manner which is incompatible with these purposes.
3. Data minimization: Personal data must be adequate, relevant and limited to the extent necessary for the purpose of processing.
4. Correctness: Data must be factually correct and, where necessary, kept up to date. Appropriate measures must be taken to ensure that any personal data which is incorrect with regard to the purpose of processing is immediately deleted or corrected.
5. Storage limitation: Data must be stored in a form which allows identification of the data subjects only for as long as is necessary for the purposes for which the data is processed.
6. Integrity and Confidentiality: The stored data must be processed in a manner which ensures adequate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, accidental destruction or accidental damage, through appropriate technical and organizational measures.
These principles of data processing are therefore valid throughout the EU from May 2018 onwards and provide the foundation for every digital business. Every online shop, every forum operator and every newsletter provider can be sure that they have to treat a user from Italy the same way as a user from Sweden. This creates legal certainty and also makes it very clear to those outside the EU how to deal with the data of Europeans.
In the next posts I will go into how these points are related to swync and what we have in this area. Just this much for now: the EU GDPR will lose some of its horror with swync ;)