In this age when most transactions are conducted online, many of our details are shared online too. There are some benefits to this, of course, but there are also downsides, especially in terms of privacy. Privacy has already been a major topic in the US since Edward Snowden leaked classified information from the NSA. The data showed just how much of US residents’ information the government collected, and that was a bit terrifying. Now, the EU is seeking to give people back control over their personal data. This move will be aided by the passing of legislation titled the General Data Protection Regulation (GDPR).
What is involved in the GDPR legislation?
In the US, the government tends to favour business over individuals when it comes to most matters. The EU, on the other hand, places more emphasis on the consumer, which is where the need for GDPR originated. Prior to this new legislation, the Data Protection Directive had been in place, but now there’s a move to repeal the legislation. The new legislation was first tabled in April 2016, and it is intended to come into effect on the 25th of May this year. It was put together by the European Parliament, the European Commission and the Council of the European Union.
The main aim of the legislation is to protect consumers’ data once it is handed over to companies. The need for data sharing is undeniable since it is the only way companies are able to operate. For this reason, GDPR will not block the sharing of information, but it places a greater burden on companies to protect personal data once it has been submitted. The new laws will govern how companies handle data at each step of the way, and give the consumer ultimate control.
Companies will be required to encrypt personal data in order to protect a user’s identity. This is promoted through the separation of data so that it cannot be tied back to the owner. For example, a person’s date of birth, their location and IP address may be kept separate, but can be put back together whenever needed. Furthermore, users will have the right to have their data deleted at any time they want.
Finally, there will be more stringent measures to guide how personal data is shared across borders. This would mean that multinational or offshore companies will have to include further compliance measures if they want to protect data from their EU-based clients.
How will GDPR affect other transactions?
Although GDPR was only meant to protect personal data, it will surely have a ripple effect on other legislation. For example, MiFID II requires that financial institutions record personal communications through social media, email, phone and other avenues for up to 5 years. This was supposed to ensure that the records were available if and when there was a complaint by the client. How, then, would these two pieces of legislation operate concurrently?
Perhaps financial institutions will have to inform their clients of the requirements of MiFID II. To achieve this, clients may have to agree that the company keep their personal data for 5 years, effectively handing away their GDPR right to control their information.
Clearly, there may be a conflict between GDPR and other legislation, and financial institutions will have to find workarounds to adhere to all of them. Fortunately, the implementation of GDPR has a 2-year transition period, during which time all parties will be able to adapt to the new reality.