You Think You Don’t Know Enough About GDPR? You Are Right and Here’s How

EU img

The EU has taken the first step in protecting the data and privacy of its residents. Through the enactment of the General Data Protection Regulation (GDPR), people are now able to have the protection they are looking for online. This means changes for businesses everywhere that are planning to reach consumers in the EU.

Companies need to look at the way that they are handling the personal data of their customers and have an action plan in place to ensure their privacy is protected. Without a strong understanding of what the GDPR means and how it affects your business, you could find yourself in a situation with the EU that you didn’t count on.

Fifteen members of Forbes Technology Council discuss some of the more unexpected consequences of the new GDPR regulation. Here’s what they had to say:

1. Restriction Of Privacy And Innovation

GDPR is the latest version of Y2K compliance — long on speculation and fear, short on reality. In my opinion, regional enforcement of global technology is an impossibility and will restrict — not enhance — privacy, freedom and innovation. The result will be regions of non-compliance (GDPR havens), enormous expense and uncertainty. – Wayne LonsteinVFT Solutions

2. Roadblocks For Blockchain Data Storage

GDPR could impact the decisions and data sets being stored and collected in emerging private and public blockchains. This may create roadblocks for companies looking to embrace blockchain to store any data that may fall under GDPR. – Aaron VickCicayda

3. Opt-In Fatigue

One of the most unexpected consequences of GDPR is the wave of new regulations in jurisdictions outside of Europe, including California, New York and perhaps soon in Asia. Another unintended impact is “check the box” fatigue where opt-in consent language is presented so frequently on websites and apps that consumers don’t read the consents and just check the box, waiving their privacy rights. – Silvio Tavares, CardLinx Association

4. Poor Customer Service

One GDPR byproduct distortion or unintended consequence is excessive regulation leading to poor customer service. The pendulum has swung too far and will be moderated by citizen feedback. – Jeff BellLegalShield

5. Small Businesses Getting Hurt

The companies that are best prepared for GDPR are the big ones: Facebook, Google, Amazon — those that have the money to pour into their tech and legal teams for ultimate compliance. The small and medium-sized businesses, however, may be less prepared, making them more vulnerable to potential fines and penalties. – Thomas GriffinOptinMonster

6. The Slow Death Of Free Services

If a service is free, then your data is the product. We all love using Facebook, YouTube and the many other social media platforms. However, we fail to realize how these businesses operate. If regulations strangle business, then the alternative is a paid model. Just look at YouTube and how it’s strugglingwith its paid subscriptions. – Daniel Hindi, BuildFire

7. Talk About Similar Regulation In The U.S.

The most unintended consequence has been the multitudes of discussions about a similar impending regulation in the U.S. In fact, reading between the lines of Facebook’s testimony to Congress, it is clear to me that tech leaders realize more care ought to be given to sensitive data, and users should have more rights. They are preparing for coming regulation stateside. – Michael RoytmanKenna Security

Read more on Forbes:

https://www.forbes.com/sites/forbestechcouncil/2018/08/15/15-unexpected-consequences-of-gdpr/#2ce5537f94ad 

Facebook Seeks Financial Information From Banks in Exchange for Users

Facebook Stock

The social-media giant has asked large U.S. banks to share detailed financial information about their customers, including card transactions and checking-account balances, as part of an effort to offer new services to users.

Facebook increasingly wants to be a platform where people buy and sell goods and services, besides connecting with friends. The company over the past year asked JPMorgan Chase JPM +0.24% & Co., Wells Fargo WFC +0.60% & Co., Citigroup Inc. C +0.96% and U.S. Bancorp USB +0.62% to discuss potential offerings it could host for bank customers on Facebook Messenger, said people familiar with the matter.

Facebook has talked about a feature that would show its users their checking-account balances, the people said. It has also pitched fraud alerts, some of the people said. 

Data privacy is a sticking point in the banks’ conversations with Facebook, according to people familiar with the matter. The talks are taking place as Facebook faces several investigations over its ties to political analytics firm Cambridge Analytica, which accessed data on as many as 87 million Facebook users without their consent.

One large U.S. bank pulled away from talks due to privacy concerns, some of the people said.

Read more at Wall Street Journal: 

https://www.wsj.com/articles/facebook-to-banks-give-us-your-data-well-give-you-our-users-1533564049?mod=hp_major_pos16  

 

 

 

 

 

Farmers Case Study - Information Governance Perspectives

Less is more, gaps are opportunities and relationships matter: A Case Study in Information Governance at #AIIM2018!

AIIM 2018 is just around the corner and I’m thrilled to be presenting my Case Study at this great conference which takes place April 10-13th, in San Antonio! Hope you can join me and so many like-minded in San Antonio this year or later in May when I’ll also be speaking about a program which was recently honored by ARMA International with its Excellence for an Organization Award!  Here are a few slides from my session which will be held on April 12th at 5PM.

The Future of Compliance – An Interview with Professor of Financial Law Miguel Mairlot

First in a series of interviews with leaders in the fields of Risk, Compliance and Information Governance across the globe.


Miguel MairlotMiguel Mairlot is the Risk and Compliance Officer for Lombard International Assurance and a Professor of Financial Law.  I sat down with him at the beginning of the year to learn a little more about his experience in the field of Risk and Compliance and pick his brain on issues like GDPR, the future of privacy rules, the role of A.I. in “fintech” and any advice he can offer millennials looking to get started in the business.

What is it about the business discipline of Risk and Compliance that originally attracted you to the field and keeps you interested?

I spent the first 10 years of my career working in litigation, specializing in banking and finance laws. My expertise and knowledge of the MiFID regulation (Markets in Financial Instruments Directive) led me to work on its implementation for various financial institutions. At that time, legal and compliance tasks were usually performed by the same department. Although I’m interested and continue working on several aspects of the MiFID regulation, I devote most of my time on issues related to money laundering and the detection of serious tax fraud in the event of repatriation of assets.

How do you think companies should approach implementing GDPR and what do you think will be the greatest challenges here?

Any company subject to GDPR should take great care when implementing the requirements set out by this new regulation. Before its entry into force, data protection was not a top priority for many European companies. Now, the paradigm is about to change, due mainly to the hefty fines which can be imposed and the potential reputation damages which may result from a violation of the GDPR provisions.

Among all these tasks, raising awareness among employees about the risks related to the infringement of the rules set out by GDPR might constitute the biggest challenge since this new piece of legislation is considered as a important cultural change in Europe.

The implementation of GDPR will require the revision of internal procedures, the appointment of a Data Protection Officer in some cases and a mapping and assessment of all the data processes, as well as contractual changes. Among all these tasks, raising awareness among employees about the risks related to the infringement of the rules set out by GDPR might constitute the biggest challenge since this new piece of legislation is considered as a important cultural change in Europe. Read More