
Get Your Data Privacy Act Together; the EU Has Reached a Consensus

by Marcin Grabiński
January 28, 2016
in Data Science, Retail & Consumer, Technology & IT

In politics, decision making takes time, especially when there is a lot at stake. In Brussels, home of the European Union, this has been the case for the new EU data protection package.

Last June, the EU Civil Liberties and Justice Committee (aka LIBE) entered “trilogue” negotiations between the EU Parliament (representing us, the citizens), the EU Commission (the government of the EU) and the EU Council (all 28 heads of EU member states’ governments) on the proposed changes in Data Protection regulations. On the 17th of December 2015, LIBE announced that all parties had finally reached consensus.


The major points of the package are:

  • Explicit consent: Companies that want to use personal data for purposes other than delivering the service for which their clients provide the data, must seek formal, written permission from the client for such use. No more “general data processing” tick boxes. Instead, companies will need “explicit consent.”
  • Right to be forgotten: In some instances, like when the data has been collected during a time when the data subject was a minor and in need of parental consent, data subjects have a “right to be forgotten.” Their personal data must be removed from IT systems, including those in test environments.
  • Privacy by design: All IT systems must be “privacy ready.” Data protection must be by design, not as an afterthought.
  • Onerous fines: Failure to comply will be met with massive fines, up to 4 percent of the offender’s global turnover. For large global companies, this could amount to billions.
  • Timeframe: Upon enactment, companies will have two years to adopt.

As the LIBE rapporteur, Jan Albrecht put it, “The regulation returns control over citizens’ personal data to citizens. Companies will not be allowed to divulge information that they have received for a particular purpose without the permission of the person concerned. Consumers will have to give their explicit consent to the use of their data.”

How easy is it to ‘forget’?

The new rules coming into force with the arrival of the EU Data Regulations pose a major challenge for all companies that collect and store personal data. Take for example the “Right to be forgotten.” To comply with it, companies must be in control of where any personally identifiable information (PII) resides within their systems. This might sound pretty simple, but it’s far from it; organisations not only need to consider their own back-end databases and backups, but they also need to consider any data being used by outsourcers, partners or cloud service providers they’re working with. In many cases, data could even be in use outside of the EU, for example in the systems of an outsourcer developing mainframe applications for the business. This would instantly create a breach of the new EU regulations unless the proper controls were in place.




Do we consent to having our data used for system testing?

Explicit consent seems simple. We all know the tick boxes that we already see when doing business online. But do we ever read and understand what our data is collected and used for? What data do these online services need to deliver the requested service, and what kind of data is collected that has “purposes other than delivering the service for which the clients provide the data”? Do we consent to the latter?

Translating this issue from legal into IT lingo, we can take testing as an example: testing applications with real personal data will require the explicit consent of the end customer. If customers were to object to the use of their data in testing, it could severely impact application testing. Complex applications, such as those developed for the mainframe, are often tested using live customer data in order to create an impression of how they’ll perform in the real world. However, this practice is already unlawful when businesses have not treated the data as personal and put stringent controls in place, not to mention informing people what their data will be used for beyond “normal business.” This is even more significant when the data is being used by third parties, such as outsourcers. Unless the business has explicit consent from the customer for their data to be handed to an outsourcer and used in controlled testing environments, they’ll be in direct breach of the new EU legislation and face a painful fine.

Impact on testing/development

Alarmingly, research by Compuware indicates that many businesses lack a clear understanding of how their testing practices will be impacted by the new data protection legislation. A fifth of firms do not mask or protect customer data before sharing it with outsourcers, with the vast majority of them relying on non-disclosure agreements that in essence do not satisfy even current data privacy regulation. It is therefore extremely important for all businesses to start looking at their testing practices to ensure that they can comply with the “privacy by design” demand of the EU laws.

If any real personal data is used for testing, it’s high time to start protecting it with a test data privacy project to ensure compliance with the existing as well as new EU regulations. There is absolutely no excuse for continuing to use unmasked customer data in testing projects, and those that continue to do so will have nowhere left to hide when the EU legislators come calling.
