Privacy, personal data and the GDPR explained simply
Nina Gosse is a lawyer at the firm De Gaulle Fleurance and associates. She specializes in intellectual property but also in personal data and the GDPR.
We are therefore discussing with her this famous RGPD (regulation relating to data protection), or GDPR (General Data Protection Regulation), which will be active this week.
OK, the subject is not super sexy, and I imagine you have seen a lot of articles about it.
However, your personal data is an essential part of today’s “digital” society. We therefore tried with Nina to approach the GDPR in the most “uninhibited” and most understandable way possible.
Just to convince yourself of the interest for you personally, look at what happened in China for example.
They announced that they were setting up a scoring system to distinguish who is a good citizen and who is a bad one, all based on your daily actions and therefore your personal data.
We are not in China, but first of all, tomorrow it will be the 1st world power, so we cannot sweep the information aside by telling ourselves that it is “just” a dictatorship. At the same time, I think it is interesting to look at what is happening elsewhere to realize what could, of course, happen in Europe.
Without going to this extreme, the development of the digital economy, the preponderance of algorithms, State activities, smart cities… all of that concerns us here and now.
GDPR without the hassle
The RGPD (not “the RGPD” as I said at the beginning of the podcast, for that matter) is the general regulation relating to data protection.
In reality, the GDPR does not represent a revolution but is a continuation of the previous directive of 1995 and of our French law (the Data Protection Act). However, this Regulation introduces certain important changes, and in particular stronger obligations for companies, accompanied by much higher financial penalties.
This regulation aims to adapt the law to the evolution of society. However, since many organizations (public and private) were not in compliance with the previous law, they are experiencing it as a real big bang.
Companies must now be able to continuously prove that they are in compliance with the regulations.
On the other hand, there is a strengthening of the rights of individuals, for example the portability of personal data from one service to another.
One example, as Nina points out, is moving your music preferences from Spotify to another service. (For the telephone it is not the manufacturer; could you, however, take the example of moving from one mail service to another?)
Far too many shortcuts are being taken. For example, as Nina explains, the GDPR changes nothing about consent, which was already present. It is simply reaffirmed in order to remedy certain practices.
It means corporate responsibility and more rights for individuals, but also an obligation to get started.
In reality, the GDPR can be an opportunity to generate trust and a source of shared value.
You have nothing to hide but…
In general when we talk about personal data, the answer we receive is “anyway, I don’t care, I have nothing to hide myself”.
As Nina explains, in a world in which many companies’ business models and valuations are based on the use of personal data, it is obvious that, if we do not stop them, brands will in a way collect as much of it as possible in order to sell it later.
Ultimately, it is about personalizing products and services or even value propositions, which can be experienced as something very positive.
However, as soon as we touch on sensitive subjects: your health, your romantic relationships, it all becomes more complicated.
For example, if you tell your close friends about an illness through personal messaging or email, how would you react if your insurance called you the next day to tell you that they were increasing your contributions?
How would you handle having to share your daily number of steps with your insurance in order to get a better price?
There are obviously many examples and all the more so with connected objects, from the voice assistant to the connected car (for the record Waze potentially knows your speeding tickets).
In the age of smart cities (connected cities), the most sensitive point may be the data held by governments, which is sometimes poorly protected and very centralized, and therefore “easily” hackable and accessible. This could go as far as the situation in China cited in the introduction.
It is therefore necessary for each of us to be clear-eyed about our personal data, and for those who process this data to be responsible.
Getting into compliance: a challenge for small structures
We only think of GAFA when we think of GDPR, but in reality, they are the most capable of complying simply because they have the financial means.
It is ultimately a greater challenge for influencers and in general for small structures.
Indeed, the GDPR does not distinguish between large companies and the self-employed: everyone must be in compliance.
It will be necessary to create new forms for newsletters, for example. The CNIL helps companies as much as possible to do this, with a dedicated page that helps them better understand what needs to be done. The CNIL is taking a rather constructive approach, and the date of May 25 is not a cut-off date.
It has put together a lot of free online content and help.
In a way, the GDPR is also an opportunity to instill a culture of data in a company, even if the start can be difficult.
AI, blockchain and data protection
These “new technologies” present new challenges vis-à-vis data protection, of course, and in particular artificial intelligence.
A concrete example of the problem: the GDPR requires processing only the data that is really necessary (data minimization), but this is almost the opposite of artificial intelligence and machine learning, since the very principle of an algorithm is to gain relevance by processing as much data as possible.
In the case of public blockchains, the right to be forgotten is necessarily problematic, since the idea is to keep all the data, even though everyone has a right of control over their own data, as Nina points out.
Suffice it to say that there are many new challenges to come regarding our data, and that this step is certainly not an end point but rather the beginning of serious reflection on the subject.
Gregory Pouy is the founder of LaMercatique, a digital transformation consulting firm focused on marketing. Based between New York and Paris, he is a marketing “expert” for FrenchWeb.fr.