GDPR 101: Why did I choose a career in Data Protection/Legal Tech?
Numbers. Closing. “Aazar, thank you for helping me!”, said my customers. I love hearing these words. I always wanted to get ahead in Sales. I love talking to customers and closing the deal. However, my ex-colleagues and bosses always suggested that I have potential to become a Cofounder. Indeed, I always wanted to change the world with my own set of skills and knowledge. And after going through several job interviews and recruitment processes, I decided to be an entrepreneur instead. Better late than never, right? :)
I’ve been asking myself why data protection is so important to me since I co-founded ecomply.io. And since I have gotten a few answers and am still searching for many more, I thought I would share this with you guys to engage in a conversation that can possibly benefit us all. We, at ecomply.io, are working on automating the General Data Protection Regulation (GDPR). The GDPR is coming into force in May 2018 and threatens companies with high fines if they do not comply with this legal requirement — fines of up to 4% of the annual revenue or €20 million whichever is higher.
If you are asking — What is the General Data Protection Regulation? — check out this video that explains it in 3 minutes quickly:
So, the real question why did I choose to work on data protection? I’ll try to be very brief here.
1 — The salesman inside me always wanted an external trigger to start a conversation. Well, the GDPR has a date and a legal fine. Could there be a bigger trigger than this?
2 — I have seen in many companies that employees share internal data externally. Wait — WHAT?! Yes, that was and is illegal in many countries. Also, I’ve seen companies using data illegally, and I genuinely think these practices should be halted and supervised.
3 — After five months of research (that is ongoing), I found out that most companies have done almost nothing about their data processing activities. They don’t know how data flows within their organizations and how they are allowed to use it legally. They’ve been using employees’ and customers’ data. They have no idea how to implement it and what to do with it. What’s the purpose of using such data? How long can you keep the data?
4 — Do you know our data is not protected even from big companies like Google, Facebook and LinkedIn? We do not even realise but data generated from our social media profiles is subject to constant exploitation. Shouldn’t we do something about it? It’s all about protecting consumers’ data! Isn’t it? The Great British Brexit Robbery: How our democracy was hijacked’ just shows the tip of the iceberg of how serious and global the issue is.
5 — I think lawyers and related compliance officers are still stuck in basic Microsoft Word and Excel and there have not been many advancements when it comes to data protection compliance. A technology automation can save a lot of time and money if such people could use a handy SaaS Software instead.That is where we hope ecomply.io can make a mark.
6 — I think we are a perfect bridge between software industry, users and lawyers to make this data protection regulation work in software and make every stakeholder happy.
Why is the GDPR so important?
For Companies: If you are a part of it, then you have been processing customers’ and employees’ data. It’s about having a good grasp on personal data. You have several processes in place. Time to start keeping records of it. That’s what Data Protection Authorities are going to ask from you. Also, this will help you work on your IT Security measures. It’s a good thing — trust me (and the evidence)!
For Users: If you are a user, then the EU wants to protect your data from exploitation. You have several rights to exercise it. You will not get spams or random cold calls. Your sensitive data will be only with you, and you can ask to delete it so that they can not spam you anymore :)
But, who is the GDPR addressed to and who should work on it?
Companies from 9+ employees using data that have personally identifiable information such as name, contact details, health, finance, and many other kinds of data. If you have customers or employees in EU, this regulation definitely applies to you.
What should I do next since I know about the GDPR?
1 — Read about it on Wikipedia
2 — Ask your lawyer if it is possible and start thinking about hiring a Data Protection Officer or appointing one internally
3 — Start talking about this topic in your company meetings
4 — Google about this topic more
5 — Find out about your local Data Protection Authority and get in touch to understand about it more
6 — If you are a user, how about being more conscious about to data you share and ask to delete your data from those companies that you don’t like?
That’s all for now. More topics regarding the GDPR are coming soon. Stay tuned!