The prevalence of social media in both our out-of-work and professional lives might have made the 21st century a data free-for-all, but things are about to change.
On May 28th 2018, the EU’s General Data Protection Regulation (GDPR) will herald a new dawn of data security, and firms that handle the data of individuals living within the EU will have to make key procedural changes if they are to avoid fines and ensure a future of compliance.
Change will be spearheaded by a culture of legitimate use, whereby firms will have to ask data subjects’ permission to use personal data, while also supplying a legitimate reason for needing to use that information. This will put an end to storage mines holding dormant data; as soon as the legitimate interest in the information’s use has expired, that information will have to be erased.
Consent will also play a key role under GDPR. This is about being transparent when asking for and obtaining opted-in permission for an individual’s private data. As defined by Article 4 of the GDPR, the data subject’s consent means…
“…any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Changes to social media and marketing
The good news for firms that use social media sites such as Facebook, LinkedIn, WhatsApp and Twitter is that such platforms will have privacy notices built into them.
Marketers generally will have a tougher job staying compliant with GDPR, and new emphasis will fall on educating audiences on their new rights, and reassuring them with regard to firms’ transparent adherence to best practice.
Consent will need to be evidenced at every step. This means business owners will have to ensure that their procedures are reconfigured so that it becomes easy to prove that each individual engaged with has formally agreed for their data to be processed through an easy-to-understand contract.
Social media firms will have to work hard to drive this education, making sure that users are aware of their new rights and requirements to grant consent, while keeping the experience as seamless as possible.
Don’t run the risk of non-compliance
There’s a great deal of work to be done, but just consider the potential consequences: a worst-case scenario could see a data breach leading to guilty firms being fined up to €20 million or 4 per cent of turnover – whichever is greater.
But that shouldn’t be a key motivator. Get GDPR compliance right and business owners stand to make huge savings by streamlining their data stores and earning new market respect through transparent compliance that will keep us all safer in the long run.
To find out more about GDPR, visit GDPR Summit London.