MoneyOnComputer

[mostakimvip05]

While the dust caused by ZEKom-1 and the resulting cookie regulation has just settled, the European Commission has already prepared the next shipment for us in the form of GDPR ( General Data Protection Regulation ).

Our legislators have "transformed" it into ZVOP-2 (a draft of the law has currently been published, which you can read here ), and it has already raised quite a bit of new dust among Slovenian companies. But don't be too afraid. GDPR is not as scary as it seems. It does bring a lot of innovations and changes that will impose new rules on companies, but at the same time will bring more transparency and clarity to the market, especially for end users.

Global, as well as Slovenian, companies are collecting more and more data about users and customers (hereinafter referred to as "users") and then using it more or less successfully for various purposes. All in the name of progress, personalization and business improvement. We know more and more about users. At least that's what we think.

My personal view is that data (at least some of it) should be transparent. If a company is storing certain data about a user, it is only right that the user knows what that data is. Not only to control the company, but also so that they can correct it if it is incorrect and thus allow the company to actually use it more accurately.

GDPR is heading in that direction at an overarching level. At least in general terms, it talks about transparency and places certain responsibilities on companies in that regard. So I think GDPR is a step in the right direction at that level. I'm afraid that at the level of practical implementation, it's a big step in the wrong direction.


GDPR imposes enormous responsibility on companies and introduces rigidity in the use and processing of data.
Click To Tweet

This reduces the competitiveness of European companies in the global market , which may harm Europe in the long run much more than “poor” data protection . Let’s face it, we are all willing to sell ourselves for five euros (or, to put it more technically, we are all willing to give up our personal data to an online retailer if we get a five euro discount) and no regulation will change that. #justsaying

But let's put these controversies aside for now. Quite a bit has been written about what GDPR is . Given that at Red Orbit we mostly deal with data (or, according to GDPR, "the processing of personal data for the purpose of improving and personalizing marketing and for the purpose of improving belgium telegram data operations and business results"), this time I will focus on the impact of the new legislation on our work.

Are we no longer allowed to collect and process personal data because of GDPR?
Of course they can. GDPR does not prohibit the collection of personal data , but only specifies more precisely how we can collect it (there is nothing particularly new here), why we collect it, how we store it and how we process it. It requires companies (and their external partners) to more precisely define the reasons for collection and individual procedures related to the processing of personal data. What does this mean in practice?

5 areas where GDPR will have the biggest impact

1. Introduction: obtaining (updating) consent
When companies collect personal data (user registration, subscription to an e-newsletter, prize games, etc.), they will have to define more precisely for what purpose the personal data is collected and who will process it. This means that the phrase “we will use the collected data for marketing purposes” is no longer enough . It is necessary to determine for what marketing purposes we will use it. Of course, no one knows how far to go or how precise to be, except for the Information Commissioner. The more precise you are, the more satisfied the IP office will be, but of course you are limiting yourself in doing so. Consent to the use of personal data must still remain explicit (opt-in).

2. Collection: introducing new ways of collecting personal data
Ad-hoc ideas for a new giveaway or a new way to collect contacts will no longer be so “ad-hoc.” In addition to appropriate consent (described in point 1), the law requires you to carefully consider what you will do with the data before any new processing of personal data, and to discuss this with your Data Protection Officer or DPO (if your company qualifies as a DPO).

3. Processing: introducing new ways of processing and using personal data
Let's assume that you have been collecting personal data for several years and in your consent you state that you are processing the data for marketing purposes. You have a problem. As already mentioned, this diction is too general and consent will have to be obtained again for all this data. So change the consent. In the new consent, you have defined that you will use the personal data to carry out remarketing or "remarketing" on Google . Over time, you notice that remarketing works really well, so you decide to expand it to Facebook. Oops. You have a new problem. Since you defined in the consent that you will use the data only for remarketing on Google, you may not use it for remarketing on Facebook. As mentioned, be smart and think in advance where and how you will use personal data.