GDPR - Are You Affected?
14th June 2018
This blog on Legal Matters is provided by LifeLot – Your Online Digital Safe.
Securely store and share your information with your important people when it’s needed.
Ten? Twenty? Thirty or more?
I've lost count, but that's OK. I've been able to unsubscribe from heaps of mailing lists that I'd forgotten I was on, and ones that I'd never signed up for.
Ditto deleting old accounts that were just gathering dust and which could end up being hacked at some point.
Thank you very much, European Union and the General Data Protection Regulation (GDPR) that kicked into effect last month, for that.
The GDPR privacy rules have really rattled the cages of site admins all over the internet, and not before time.
Some of the reaction to the GDPR has been rather strange, like American newspapers blocking access for EU readers - and the Washington Post creating a special, non-ad-tracking subscription tier for Euro readers.
Instead, GDPR is a warning shot that you have to take people's privacy seriously.
Furthermore, the EU insists that you do so, albeit in a gentle fashion to start with.
As tech and intellectual property lawyer Rick Shera of Lowndes Jordan points out, the EU regulators have indicated that they will work with businesses and educate them, before handing down significant fines if GDPR rules are breached.
What is the GDPR?
You, as a data subject, now own your data. Some of your personal data consists of socially oriented categories that contain things such as race, ethnicity, gender, bio-data, sexual orientation, and political and religious opinions, which cannot be handled without your consent. As a user, you have certain rights that are set to safeguard your freedom and help you control your personal data. It is the controller’s responsibility to ensure that your rights are respected according to the Regulation. Your personal data can only be stored for the time frame necessary to the purposes of the collection.
New Zealand is in a good position when it comes to the GDPR, as our privacy laws are not that far away from the EU regulation, Shera said.
As such, NZ privacy settings are well-respected by EU regulators. Unless NZ businesses have a significant presence in the EU, they're unlikely to be targeted by regulators in the economic and political bloc for GDPR reasons.
All's safe then, and you can just ignore the GDPR and carry on as per before? Absolutely not.
"What the GDPR will do though is focus attention on whether there really is a lawful basis to collect information in the first place, and after that, whether that lawful basis continues," Shera explained.
That means NZ organisations should have applied the same rigour as their EU cousins need to do when it comes to information collection, storage and processing.
Unfortunately, the likelihood of any real penalties being applied has resulted in lackadaisical compliance, despite the Privacy Commissioners' best efforts over the years, Shera said.
New Zealand could follow in the footsteps of the EU and apply stiff, GDPR-style fines for breaches, which means collecting user data in case it's useful is probably not a great idea.
"Why increase your risk by collecting and keeping information you don't really need?" Shera correctly asks.
Then there's the real sting in the GDPR tail: "the GDPR grants individuals the right to take their own action, without having to wait for a regulator," Shera says.
EU personal privacy rights guerilla Max Schrems was quick off the mark to do just that, and took legal action against Google, Facebook, Instagram and WhatsApp under the GDPR, in France, Belgium, Germany and Austria.
Schrems alleges that the four service providers are in breach of GDPR statutes, and should be penalised. By how much? Based on the four per cent of global revenue formula set out in the GDPR, the companies could in theory be liable for €8.9 billion ($15b) in penalties.
It's unlikely that Google and Facebook will be fined anywhere near that much given who they are and the EU regulator's stated intentions of working with organisations rather than penalising them to start with.
But the threat is there, and unless you're in Finland or Norway, you can't insure against GDPR fines. Take the GDPR intentions seriously, in other words, and realise that privacy matters.
What private information can the LifeLot admin team see?
The team at LifeLot can see your first name, surname and the email address you used to create your account. We are also able to see whether you have documents uploaded to your account but we will never be able to see the documents. For example, if you have uploaded your will or birth certificate, LifeLot staff will be able to see that the document/s are uploaded, but we will never be able to view, open or edit any of your documents.
The only time any of your documents can be viewed by anyone else is if you have given shared access to a Trusted Professional.
You can read more about this feature in the Professionals section.
If at any time you have concerns or questions regarding your privacy or the security of your account, please contact us immediately.
Why It’s Important To Organise And Share All This Stuff With Someone
Life is full of twists and turns. Planning and gathering together all these jigsaw pieces now will relieve a lot of stress later, whether you’re recovering from surgery, involved in an accident, or embarking on the one adventure every human must eventually take into the great beyond. This info will come in handy for you in everyday life, and for your family and loved ones. By organising and sharing the location of all these things, you’re helping yourself to become more efficient and engaged in your life, and your family can easily take over if needed.
It's simple to set up, free to try, and it can make a world of difference for your family if something happens to you.