You may have noticed that you have received dozens of emails over the past week from different companies. In all of them, the companies are either updating their privacy policies or asking you to give consent again. All this has been due to the implementation of GDPR within the EU and EEA. GDPR is a set of legislation meant to increase the privacy of people’s personal info, and this is having a ripple effect around various industries.
What exactly is GDPR?
GDPR stands for General Data Protection Regulation, and it comes into effect today on the 25th of May 2018. This new regulation is being implemented in response to a changing environment, to increase individuals’ privacy and control over their personal info. In an age where people frequently share their personal info on the internet with different companies, European authorities saw it would be necessary to put in place stricter laws. Essentially, GDPR will give control of your info back to you and take it out of the hands of the companies with whom you choose to share this data.
The issue of privacy has always been a priority in the EU. This is why the Data Protection Directive was adopted in 1995 in line with European human rights laws. However, there have been significant changes since then in regard to privacy, which is what GDPR intends to address. The EU is different from the US in that the former gives individuals more control while the latter favours businesses. In the US, the issue of privacy became a thorny one ever since Edward Snowden blew the whistle on the NSA’s surveillance programmes over residents.
How does GDPR work?
Many people and even some companies may be worried that GDPR would prohibit them from acquiring personal info from people. This is not true. The legislators understand that there is a dire need by companies to collect info from people, mostly to provide ‘free’ services like Google, FB, etc. Nevertheless, GDPR intends to restrict how these companies use the info gathered. Consider the FB and Cambridge Analytica scandal where the latter would receive personal details from FB about people, then use it to influence voter opinion. This was clearly improper use of personal data.
According to the GDPR, controllers of people’s data are required to handle the data lawfully, transparently and only for a specific purpose. Under these directives, the scope of GDPR could be categorized into 3 different aspects.
The first intention of GDPR is that companies use a person’s data only after receiving direct consent from the individual. This is why many of the emails being received request people to re-issue consent for the particular company to use their info. Without receiving consent from the individual, a company that uses that individual’s info may be subject to fines.
Protection of personal data
Once a company has received consent and collected a person’s personal data, it is up to them to ensure that this data is kept safe and private. To do so, every company has to appoint a Data Protection Officer (DPO). This could either be an external or internal DPO. In either case, though, the company must ensure that there is no conflict of interest. This means that an internal DPO must not be an employee in any other department where they would also be monitoring themselves. Furthermore, they must understand GDPR regulations and IT security.
To ensure that data remains private, GDPR requires that the data be encrypted by the company holding it just in case there is a breach. The most common form of encryption is by converting data into ciphertext that can only be decrypted with the right key. The companies could even go further and separate the data fields. For example, a person’s name, address and date of birth could be stored separately so that, even in the case of a breach, not all of a person’s info can be found simultaneously.
Right to be forgotten
This is to restrict the use of data only to a specific purpose and no other. In the case of FB and Cambridge Analytica, this function was not observed, but GDPR will give people the right to have their info deleted. If a person feels that they don’t want their info in the hands of a particular company, they have the right to demand that it be deleted completely. Besides, the company itself has to delete the info once the stated purpose has been fulfilled.
Who will be affected?
The implementation of GDPR is going to affect individuals in the EU and EEA countries, companies within this region and multinational companies with offices in the European region. For individuals, there aren’t many expectations of them since the law is meant to protect them. All we have to do is review the privacy policies of the companies that we submit our info to and decide whether we would still like to keep things the same or revoke our previous consent.
The greatest impact would be felt by the companies who handle people’s info since they have to adapt to the new regulations. Since GDPR is a regulation and not a directive, it is automatically adopted by all EU member nations as law. EEA countries have the option to decline its adoption, but more often than not, they do implement EU regulations. GDPR will also apply to companies in the UK, even though they voted to leave the EU. Brexit talks are still underway, and until they are complete, the UK still adopts EU regulations.
Therefore, companies operating within the EU have had to adapt to the new regulations, hence the flurry of emails to their mailing lists. It’s not just the companies based solely in the EU that have to worry, but also multinational and global companies with offices in the EU. Besides data protection, GDPR also has directions over how data is transferred to other countries. Transfer to and from other EU and EEA countries is, of course, permitted because they are also covered by GDPR. Then there is a list of third countries where transfers are also permitted including the US, Canada, New Zealand, etc. As for those countries where permission is not expressly granted, the company has to ensure that data is kept secure and that the individual gives consent.
In case a company does not comply with GDPR, they will be liable to fines of up to €20 million or 4% of their global turnover in the previous financial year, whichever is higher. This fine is for severe violations like intentional infringement or a failure to adhere to GDPR. For minor violations, a company may pay up to €10 million or 2% of their global turnover in the previous financial year, whichever is higher.
There is one further caveat many companies may not be aware of – GDPR does not only cover EU citizens within the EU but also wherever they may be around the world. Consequently, a company would have to implement GDPR for EU citizens even if they were based in, say, Australia.
How will GDPR affect other industries?
The implementation of GDPR will have a ripple effect over many industries, one of them being the retail Forex industry. Earlier this year in January, MiFID II came into effect to help address some of the issues plaguing the Forex industry. In order to increase efficiency in solving conflicts between clients and their brokers, MiFID II requires that every broker record their correspondence with their clients either by email, phone calls, SMS, social media or any other avenues. The info is then supposed to be stored for 5 years. This would help financial regulators follow up on complaints and achieve a resolution faster.
However, this is in conflict with GDPR, which gives a person the right to have their info deleted whenever they want. Therefore, there may be a conflict between the two pieces of legislation. To get around this, Forex brokers are simply asking their clients to give them consent to keep their personal data for up to 5 years. With consent, both GDPR and MiFID II are sufficiently fulfilled. The same approach could be applied to other requirements of GDPR such as the transfer of data to third countries. This could affect a Forex trader based in the EU using a Forex broker that is outside the region.
Besides the Forex industry, a number of other industries have also had to either request new consent from their users or completely withdraw their services from EU residents. Tumblr and other Oath websites required their users to give consent or be denied access to their services. Clicking through to read more would reveal that once consent was given, personal info would be shared with more than a hundred advert networks.
This is exactly the kind of privacy breach that GDPR is supposed to counter to ensure human rights are observed. The full impact of GDPR is yet to be felt, but FB and Google have already received complaints from their users, even though the first day of GDPR has not yet ended.