GDPR is Here – A Quick Guide for Consumers and Investors

 

Alka Garg, a RedCloud Consultant, shares insight into what GDPR is and how consumers and investors can take action for protection.

Amid much hype and industry buzz, in late May the European Union implemented its new General Data Protection Regulation (GDPR) aimed at strengthening privacy laws and data protection for individuals. While based in the EU, given the global nature of data and that it may be a predictor of broader global regulations, companies are racing to meet the looming GDPR deadline to protect consumers and themselves.

Failure to comply with GDPR may result in a fine of 4% of annual global revenue of the company or €20 Million (whichever is greater), so clearly investors should also consider the impacts on their portfolio for companies which may not comply in time.

A heavy topic driven to the limelight by the recent Facebook-Cambridge Analytica scandal, GDPR can create confusion for all of us as consumers (what should I be doing?), and uncertainty for investors (are we protected?). But just how will GDPR impact all of us as consumers and how could the investment community leverage both compliance and noncompliance?

Consumers’ perspective:

Here are our top tips consumers must know to protect their personal data:

  • GDPR provides consumers the rights to request for view, edit, and delete their personal data from a company. Consumers also have the rights to request their data from a company and take it to another company.
  • GDPR makes it a legal requirement to include data protection requirements when the products are initially designed so most companies are providing better privacy controls in the products. Consumers must pay attention to these privacy controls in the products when they sign up or create their profiles.
  • GDPR requires privacy consent experience to be in clear and plain language instead of long terms and conditions full of legal terms so consumers must read the privacy notice before providing consent for any services. GDPR requires companies to provide an easy experience to withdraw from a service as well.
  • In case of data breach, GDPR requires companies to notify their customers within 72 hours of becoming aware of the breach.
  • Consumers should file a complaint with appropriate regulatory authority if they learn that a company is engaged in some fraudulent data handling practices.
  • Lastly, consumers MUST understand the value of their data and what is required to be shared, as companies may have their own interest to use this data to drive their business.

 

Investors’ perspective:

Here are a few top considerations investors should know about a company before making an investment:

  • Multinational companies are applying the GDPR requirements globally, but currently GDPR regulation is applicable only on processing of personal data of EU citizens and residents regardless of where the company is located.
  • The more sensitive the personal data the company is processing, the more of a risk it is for the company.
  • The more exposure of data with 3rd parties (for example: product/device created by one company and apps for that product created by multiple small companies), the more risk for the company. Companies need to put additional measures in place to ensure 3rd parties are GDPR compliant.

 

Alka Garg