Most startups to find going tough after EU data norms

Posted May 25, 2018

It's May 25th and that means the world's most sweeping privacy law, known as the GDPR, is now in effect.

The GDPR is an effort to transfer more control over personal data, like addresses and phone numbers, from large companies back to individuals, affecting how companies obtain, use, store and secure data.

We've all received emails from companies asking to stay in touch with us for weeks now, but why is it happening? If you leave your address there then it will auto-fill each time you enter a competition and if you win a prize then that address will be passed on to the third party for them to send the prize to, but not for any other objective. Following scrutiny of its data practices, Facebook had also promised that it would make the controls it introduced for GDPR available to users worldwide.

Mr Schrems, head of a new privacy lobby group noyb (None of Your Business), accused Facebook of "blackmail" for giving users only two options: accept the new rules - and hand over more data than needed to operate the service - or deactivate their account.

And even if they don't understand exactly how to comply with the new rules - because they are a little bit vague - experts say that they at least have to make a good-faith effort to get consent from people in the European Union to collect and use their information.

FDA Gives First Approval To Non-Opioid Treatment For Withdrawal
Lucemyra works by reducing the release of norepinephrine, a chemical in the body believed to play a part in withdrawal symptoms. The new compound itself is not without side effects; Lucemyra can cause dizziness as well as low blood pressure and heart rate.

"If you are generally good with data protection, you are probably going to be alright with GDPR ... my concern is the companies that have never even thought about this and now are scrambling", said Richard Merrygold, data protection expert. The regulation expands the scope of what companies must consider personal data, and it requires them to closely track data they have stored on European Union residents. "Enforcing its laws, Russian Federation has banned access to LinkedIn since 2016 and threatens to block Facebook in 2018 unless it agrees to comply with the data localisation laws".

Chairman of the watchdog, Max Schrems, even draws parallels between Facebook's actions and North Korea's election process: "Facebook has even blocked accounts of users who have not given consent". Other companies are just telling you about their new privacy policy. Google is embedding video (from its YouTube service, of course) to further explain the concepts.

Requests for personal information a company holds on you must be responded to within one month, with some allowances for extensions. Some are obvious, such as to fulfill contractual obligations - for instance, when an insurer pays out a claim. Effectively that comes down to either being able to show a reasonable basis for needing to do so (for example, in order to deliver something you have ordered), or having your consent. It also gives users some additional rights, such as the right to not give all their information to a service but still be allowed to use it.

And the rules force companies that suffer data breaches to disclose them within 72 hours. "Starting today, organisations must take a positive and ethical approach to advertising and customer personalisation that will rebuild and then strengthen the relationship with customers". Part of the problem is that the rules are so complicated that companies may find it hard to know for sure if they comply.

The punishment: The worst offenders can be fined up to 20 million euros ($23 million) or 4 percent of their revenue from the prior year, whichever is greater. Until now, there has been little incentive for companies to protect customers' personal information.

Recently in Economy