GDPR has finally come into effect and data brokers and tech firms are, as expected, feeling the strain - but a number of other sectors have also been shaken up by the new EU regulation
The time to stop talking about GDPR and start acting on it has finally arrived.
The new EU data regulation rules threaten companies with hefty fines of £17.5m or 4% of their turnover – whichever is higher – should they fail to comply with the new legislation intended to give people more control over their personal data.
It gives individuals the choice over whether to allow companies to access their details, and the onus is now on businesses to contact them and ask for express permission to do so – which is why our inboxes have probably been overflowing lately.
Needless to say, data brokers, tech firms and any companies that specialise in the specific collation and use of information are going to be the most overtly affected by the change.
However, the implications of GDPR are somewhat more ubiquitous than expected, with several sectors that might not have expected to be particularly affected now having to rethink their approach to the management of digital data.
US news websites
Despite GDPR being an EU-based regulation, the US is not going to remain untouched.
Several high-profile American news websites, including The Chicago Times and LA Times, have now had to make their content unavailable in Europe until they get their data policies up to scratch.
This is because GDPR, while being an EU regulation, also affects non-EU countries when trading with member states.
Readers in the EU that clicked on the LA Times website on Friday morning were greeted by this message: “Unfortunately, our website is currently unavailable in most European countries.
“We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market.
“We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.”
All in all, every one of top US publisher Lee Enterprises’ 46 newspapers are offline in European countries, and several primary sites like The Washington Post and Time are inaccessible for the time being.
Under GDPR, profiling individuals using their data – in order to make automated decisions which could have “significant” effects for customers – is subject to new safeguards.
But these measures, which include the right for customers to challenge such automated decisions, offer very little guidance on the meaning of significance.
For gambling operators, this presents an issue because profiling is a key element of their business, allowing companies to quickly categorise customers and decide whether they warrant anything from extra awards to account suspensions.
It’s up to the operators to decide which decision will have a significant impact and whether to make it.
If they get the decision wrong, they become susceptible to the aforementioned fines.
Healthcare providers have long been at the forefront of digital transformation, as their business involves the storing of massive amounts of personal data.
A key aim of GDPR is enabling the widespread availability of information concerning the purpose and location of collected data.
On the face of it, this could provide healthcare providers with a more detailed view of their patients – helping to improve diagnoses.
But GDPR also introduces the “right to be forgotten”, which could conflict with the legal requirement for healthcare providers to retain data following a patient’s discharge or death.
If patient’s can demand a healthcare provider delete their data permanently, the efficacy of future treatment could be worsened.
Wearable devices like the Apple Watch and Fitbit collect data from their users, who are now legally entitled to be told exactly what that information is.
It promises an awkward challenge for wearable tech companies as part of their market proposition is the collection of critical data and its presentation in bite-size form for the customer’s convenience – a selling point that is now, technically, illegal.
MetaMe, a personal data wallet and marketplace led by London entrepreneur Dele Atlanda, is one organisation with a solution – clean data.
In the clean data economy businesses pay individuals for their data using MetaPods (mPods) – crypto information objects using AI to enable granular units of data to be isolated and encrypted based on an intention, like the buying or selling health insurance, for example.
MPods are shared and traded privately and contextually in exchange for Krypto Koins, MetaMe’s currency.
MetaMe chief digital officer Dele Atanda says: “MetaMe’s primary commercial model is to enable people and businesses to share information with each other in a mutually beneficial manner, creating a virtual circle that encourages both sides to share more with each other.”
GDPR-based changes announced by the DVLA – the UK’s driver licensing agency – in April require more than two million drivers grant new driving licence data permission to their fleet operator.
Employers and fleet managers, who are legally obliged to check a drivers’ entitlement to drive, will be under pressure to hit the DVLA’s 25 August deadline.
To ease the burden, the Association for Driving Licence Verification (ADLV) member companies, which facilitate online licence data checking, are contacting their customers to advise on the new compliance requirements.
ADLV members and their customers must be satisfied that the new fair processing declaration complies with GDPR and is permitted by the driver.
They will also advise customers on the implication of the change and how they can ensure compliance with the new DVLA requirements.
Beauty and cosmectics
For an industry that relies heavily on its marketing and continued customer interaction, data regulation prohibiting companies from emailing people without consent is gloomy news.
The exceptions to this rule are businesses that have a “legitimate interest” in collecting, storing, and processing personal data.
These businesses will only have to notify their customers of the upcoming changes.
But the vague terminology means there’s a raft of sectors, including the beauty and cosmetics industry, which will likely have to play it safe and secure consent if they want to be absolutely safe from financial consequences.
Companies in beauty and cosmetics will now need to ask their customers for permission to send them news about discount offers and new product ranges, which will likely mean they retain the majority of their core market, but their outlying demographics will be harder to reach.