What Does GDPR Compliance Have in Common with Sex Education?

5 Steps to Ensure You’re Doing it Right

by Bill Tolson
May 2, 2019
in Data Privacy, Featured

And now that I have your attention… there really is a link between the two incongruous topics in the headline. Archive360’s Bill Tolson explains.

Perhaps you remember sitting through a class in high school billed as “sex education,” yet finding it dealt so indirectly with the topic that it was difficult, if not impossible, to discern the pertinent details that would help you understand what you really needed to know in this area. When faced with a real-life situation, many of us thus stumbled in blindly.

If you know anything about the General Data Protection Regulation (GDPR), then you’ll see the close analogy here. While the regulation has been in effect for almost a year now, many companies are still failing to grasp and act on the necessary details to stay compliant — the equivalent of closing their eyes and hoping for the best.

Dan Ariely, Duke professor of psychology and behavioral economics, expressed this concept succinctly in relation to big data when he tweeted:

“Big data is like teenage sex: everyone talks about it, nobody really knows how to do it, everyone thinks everyone else is doing it, so everyone claims they are doing it…”

The fact is that this astute truism fits the GDPR just as well. Many organizations aren’t addressing GDPR compliance at all. The proof of that assertion is in the complaints: as of the end of the first month of 2019, the European Commission reported that since May 2018, when GDPR went into effect, it had logged a mind-boggling number (95,100) of complaints related to organizational data practices — including email, telemarketing and video surveillance — as well as over 40,000 breach notifications and hundreds of cross-border violations. This is the case despite the high fines that companies face for noncompliance.

And in fact, the threat of financial repercussions is real, as many companies have already been on the receiving end of noncompliance fines. Industry analysts have suggested that only around half of organizations are expected to be GDPR compliant by the end of this year — foolish for the other 50 percent, since enforcement of the regulations will continue to escalate.

How steeply will it escalate? A look at what has happened to date holds a clue. If you were among those last May wondering how aggressively member states of the European Union (EU) would target companies that failed to protect data, you didn’t have to wait long for an answer. Analysts had originally speculated that when it came to smaller firms and organizations without big names, EU members would show mercy and give these companies time to adjust to the regulatory mandates, so that they could gradually put technology and processes in place rather than be prosecuted immediately for violations. This prediction of leniency has not turned out to be the case — neither for big-name nor for under-the-radar companies.

Within hours of the GDPR taking effect, tech titans Facebook, Google, Instagram and WhatsApp received almost instant privacy complaints that could result in penalties of as much as $9.3 billion in total. And just months after the regulation’s enactment, EU citizens went after some of these same behemoths, including Facebook, Google and Oracle (not to mention smaller players), showing that GDPR has sharp teeth. Google, for example, got hit with a $57 million fine on multiple counts, including lack of valid consent regarding personalization of ads, lack of transparency and inadequate information.

In terms of non-big-name organizations, there are countless examples of steep fines being levied for data privacy infractions, such as:

  • When a small Austrian company’s public camera feed captured too much of a public area, it was fined.
  • A Portuguese hospital got dinged a painful €400,000 for employees accessing patient data improperly.

These examples suggest that a shift in rules about public surveillance is in order, as are stronger measures enforcing user controls and internal access. Why, though – when the evidence is clear that GDPR is being enforced and companies are being fined – are so many organizations ignoring these realities and so few organizations doing what’s necessary for compliance? I can offer a few educated guesses on this:

  • Some companies that should be following the regulations but don’t have facilities in the EU may still erroneously believe that GDPR does not apply to them.
  • Other firms may incorrectly assume that they have years before EU members begin fining non-multinationals.

These suppositions just aren’t true — if even one EU citizen is disgruntled with your data privacy policy in relation to the GDPR and files an online complaint against your organization, you could find yourself added to the list of fined offenders above. Once a complaint is filed, you’ll be in the spotlight as EU member authorities require you to explain in detail your data collection and data retention practices concerning EU citizens. So while closing your eyes and hoping for the best may be an easier approach, it’s not a smart one — especially with the California Consumer Privacy Act (CCPA) poised to take effect.

The good news is, you have a major advantage over those poor teens sitting in sex ed who didn’t have the information they needed to feel empowered and educated; the information about how to stay GDPR-compliant has been widely published, is readily available and awaits your action. As a reminder, at the almost one-year anniversary of GDPR’s initiation, here are five of the most important steps you can take to protect your company from noncompliance fines:

  1. Hire or designate a Data Privacy Officer (DPO). Be sure to list this individual on your website with his or her contact information. If you don’t, it’s a red flag for people trolling company sites hoping for a victim based on GDPR noncompliance, since companies that lack a DPO are seen as a sitting duck for a quick payday.
  2. Be sure your organization’s information management system has clear policies in place that support GDPR compliance functionality.
  3. Include information for customers about how to opt in and opt out on any collection forms that gather personal information.
  4. Consider data sovereignty requirements around data movement.
  5. Consider the right to be forgotten and determine how you would conduct secure deletions if requested or required.

Ready to move from claiming you’re doing it right (or praying you are) to getting the job of GDPR compliance done? Flying blind is no way to travel; savvy companies know better and have implemented an end-to-end solution for information management and archiving. Take the next step and learn to approach data collection and management with GDPR in mind.

This post was originally shared on the Archive360 blog and is republished here with permission.



Bill Tolson

Bill Tolson currently serves as Vice President for Archive360 and is focused on the archiving, migration, governance, regulatory compliance and cloud-based storage of data. Bill has extensive experience in e-discovery and archiving/information governance from both a marketing and customer perspective.
