General Data Protection Regulation (GDPR) was approved by the EU Parliament on April 14, 2016. The enforcement date is May 25, 2018, which means that GDPR must be adopted by every firm in Portugal that handles personal data by May 25, 2018.
A business that holds details of past, present or potential clients, will need to ensure that it is operating in a manner compliant with the GDPR, or those organisations in non-compliance may face heavy fines of 4% of their global turnover or €20 million, whichever is the higher. This is EU-wide regulation in which the UK also played a major role in writing the legislation, designed to harmonise data privacy laws across Europe and the rest of the world.
The rules emphasise data security should be appropriate and adequate, so it’s up to individual firms to decide what is adequate for their business based on the data they hold, how it is processed and industry standards.
It is easy to assume GDPR is just about protecting people from unsolicited marketing and guarding against identity theft. However, it is far broader than that. Big data is big business. There are companies collecting, storing and using vast amounts of highly personal data about every aspect of our lives.
As we have seen very recently, the way Facebook groups and segments its users provides a powerful set of advertising tools with which to target its two billion users (according to www.statista.com). This example alone shows how times have moved on since the EU data protection legislation bestowed in the Data Protection Directive of 1995.
We now know some airlines manipulate the price of flights based on how often you visit their page. The cookie they store in your browser tells them to increase the price each time you visit the page to pressure you into buying. Clear your cookies in your browser settings and the price will drop down again. In fact, according to the European Commission, researchers in Spain found that when shopping with artificially created online profiles, prices varied depending on the wealth of the person shopping. The wealthiest online shoppers were offered the same set of headphones at around four times the price of the least wealthy. Airline tickets varied by 166%. This is personalised pricing by stealth.
The Guardian newspaper reported that Experian in the UK, which holds data on 44 million UK citizens, was hacked in 2015, bringing international attention to the scale of security breaches. Nonetheless, protecting data has always been a key aspect of regulation. The ways in which data is processed, particularly profiling and targeting for sales and marketing purposes, has radically changed since the growth of the internet in the mid-1990s. GDPR attempt to acknowledge those changes.
Whether you are a firm or an individual client, you must be on top of your GDPR and knowledge of what your rights are. The fines for firms can quite easily bring their business to a close and individuals must take more seriously the scope and reach of their enquiries for new products and services. Make sure your adviser has the integrity of their business and your interests set out comfortably within the principles laid out by the GDPR.
This article is intended to provide a general review of certain topics and its purpose is to inform but NOT to recommend or support any specific course of action.
Raoul Ruiz Martinez
|| features@algarveresident.com
Raoul Ruiz Martinez is a resident and independent consultant for Finesco Financial Services Ltd., Glasgow and advises clients on private financial matters in both the UK and throughout Europe under the MiFID regulation. Finesco Financial Services Ltd is authorised and regulated by the Financial Conduct Authority (FCA). Some of the services provided are not regulated by the FCA because they are not included within the Financial Services and Markets Act 2000. | 289 561 333
