Consumers can expect better protection online as the European Union (EU) implements stronger data protection rules that effectively cover companies across the globe, according to global leader in IT security Trend Micro.
The General Data Protection Regulation (GDPR) took effect on May 25, requiring companies and other organizations operating in the EU, wherever they are based, to exercise greater transparency and vigilance in accessing and collecting consumers’ personal data.
“GDPR is a good development for both users and companies alike,” Trend Micro Director for Technology Marketing Myla Pilao said.
“For one, compliance with the stricter rules on data protection spurs consumer confidence amid the growing threat of cybersecurity breaches. It also levels the playing field for companies by deterring unfair access to consumer data.”
What is GDPR?
The new regulation is considered the most important change in data privacy regulation in 20 years, drastically reshaping businesses worldwide. It exacts greater transparency from organizations that process personal information and, at the same time, grants consumers more control over their data.
“GDPR essentially empowers consumers to determine what data they will share, who will have access to such information and how companies can process and use them,” Ms. Pilao said. “Accordingly, consumers can better protect themselves online.”
As consumers wield more control over their data, user consent becomes an important factor for data processing to take place or even to continue.
Companies, as data controllers, must therefore use “concise, transparent, intelligible, and easily accessible” forms when asking consumers to agree to privacy terms and conditions or to data collection and processing. They must also disclose the purpose or legal grounds for data processing, the categories of personal data collected, possible recipients of the data, and the period for which the data will be stored.
Consumers can restrict data processing if certain conditions apply. Addressing the automated way personal data is used for decision-making, the GDPR adds a provision where data subjects can opt out of automated data processing, including profiling.
GDPR also allows consumers to correct any information they have previously allowed to be collected, pursuant to their “right to rectification.” Meanwhile, they can exercise their “right to erasure” or “right to be forgotten” to delete their personal information from the data controller’s database without undue delay.
In addition, consumers can receive and transmit, in a common and machine-readable format, their personal data to another company, through the “right to data portability” provision of the GDPR.
“As they wield more control, consumers share more responsibility of knowing and protecting their data, making them partners of the organizations with whom they have entrusted their data,” Ms. Pilao said.
How does GDPR affect the Philippines?
The new regulation applies to all organizations that operate in the EU and/or process the personal information of EU citizens, regardless of their size or location. In this light, companies based in the Philippines but engaged in businesses involving EU citizens must comply with the regulation.
“We see the GDPR pushing other countries, including the Philippines, to improve their respective data privacy regulations,” Ms. Pilao noted. “It is effectively making state-of-the-art data security the new standard across the globe.”
Trend Micro underscored the benefits of adopting the higher standards on data protection for both consumers and companies, including call centers in the Philippines, as data analytics takes on a bigger role in doing business.
Compliance with the GDPR reflects an organization’s sincerity in providing fair, legitimate and secure services. Allowing consumers to make well-informed decisions on their privacy and personal data improves satisfaction and loyalty in the long run.
“Recent data breaches have propagated consumers’ distrust of companies,” Ms. Pilao said. “The GDPR, which promotes state-of-the-art cybersecurity, should strengthen company and consumer relations.”
The regulation recommends the installation of advanced security solutions to enhance data protection. Companies should also perform penetration tests and vulnerability checks to mitigate possible data breaches or loss in the future.
“We are advancing into the digital age, where data is a valuable resource for companies seeking to learn more about their customers,” Ms. Pilao said.
“Access to such information, however, comes with the responsibility to ensure the consumers’ privacy and protection from cybercrimes. Approaches and attitudes towards cybersecurity would have to evolve and keep up with the changing security landscape.”