Carding Forum
Professional
More than two years ago, the General Data Protection Regulation, or GDPR, came into force in Europe. What has changed since then?
More than two years ago, on May 25, 2018, the General Data Protection Regulation, or GDPR, came into force in Europe. During the GDPR Summit Ukraine 2020 conference, Elena Kolchenogova, head of the Digital Ukraine Association, spoke about some of the results of the implementation of the GDPR into European legislation, the most common violations, as well as myths related to the protection of personal data.
Since its entry into force, the GDPR has become the benchmark for privacy issues globally. As Elena noted, 4.3 million citizens and businesses have turned to the European Commission's online portal on GDPR over the past two years (as of May 2020). According to a recent study by the FRA (Fundamental Rights Agency), 69% of the EU population over the age of 16 have heard of the GDPR, and 71% of people in the EU have heard of their national data protection authorities.
In addition, between May 2018 and November 2019, individuals filed 275,000 data protection violation complaints with the national data protection authorities. During the same period, data protection regulatory authorities made 785 decisions to impose a fine.
Here are some more interesting data from the FRA report, which the head of the Digital Association shared during her report:
According to Elena Kolchenogova, the penalties for violations of the GDPR can be different. For example, in 2020, one of the largest fines was the collection from the major Italian mobile operator Tim in the amount of 27.8 million euros. The company was fined, among other things, for the fact that operators who had withdrawn their consent to receive marketing calls continued to be contacted by operators with marketing proposals.
But a small fine of 100 euros was paid by one Austrian bank. The bank employee made a copy of the identity card of the bank client who wanted to exchange 100 euros in foreign currency and justified this with the anti-money laundering rules. However, they only apply to amounts of 1000 euros or more.
The head of the Digital Association also denied some myths related to GDPR and popular.
1. "We are in Ukraine - we have nothing to be afraid of." Regardless of where the company is located, if it processes the data of Europeans, then sooner or later, if the principles of the GDPR are not observed, it will be held liable.
2. "Fines will ruin the business." It all depends on how the GDPR requirements are implemented and applied in practice. Fines can be large or small.
3. "The data received before the introduction of the GDPR does not fall under its effect." As an example, the Italian telecom operator Tim collected data from 2017 to 2019, and as a result, the company was responsible for the entire period.
4. "The GDPR no longer gives control to the data subject."
5. "GDPR is holding back the development of IT technologies."
6. "Implementing the GDPR is burdensome for businesses." The business will have to spend money on the implementation of the GDPR and compliance with all requirements, however, firstly, the costs will depend on the size of the business. Secondly, sooner or later it will have to be done.
As a reminder, GDPR Summit 2021 took place on October 7. The conference brought together leading experts from banks, microfinance organizations, fintech and IT companies, and the public sector. The GDPR Summit 2021 was organized by the Ukrainian Interbank Association of EMA Payment Systems Members and the FinTech-magazine PaySpace Magazine. The event was supported by Moneyveo (Fintech sponsor), Nota Group, PSP Platon, Digital Ukraine.
More than two years ago, on May 25, 2018, the General Data Protection Regulation, or GDPR, came into force in Europe. During the GDPR Summit Ukraine 2020 conference, Elena Kolchenogova, head of the Digital Ukraine Association, spoke about some of the results of the implementation of the GDPR into European legislation, the most common violations, as well as myths related to the protection of personal data.
Since its entry into force, the GDPR has become the benchmark for privacy issues globally. As Elena noted, 4.3 million citizens and businesses have turned to the European Commission's online portal on GDPR over the past two years (as of May 2020). According to a recent study by the FRA (Fundamental Rights Agency), 69% of the EU population over the age of 16 have heard of the GDPR, and 71% of people in the EU have heard of their national data protection authorities.
In addition, between May 2018 and November 2019, individuals filed 275,000 data protection violation complaints with the national data protection authorities. During the same period, data protection regulatory authorities made 785 decisions to impose a fine.
Here are some more interesting data from the FRA report, which the head of the Digital Association shared during her report:
- 41% do not want to share any personal data with private companies, which is almost twice as much as with government agencies;
- 72% know the privacy settings on their smartphones. But at the same time, 24% do not know how to check the privacy settings in their applications;
- 33% do not read the terms of use for online services, compared to 22% who always read them;
- 51% know they can access their personal data held by companies.
- principles of personal data processing
- the legality of the processing of personal data
- terms of consent
- the right to be forgotten
- right to object
- processing safety.
According to Elena Kolchenogova, the penalties for violations of the GDPR can be different. For example, in 2020, one of the largest fines was the collection from the major Italian mobile operator Tim in the amount of 27.8 million euros. The company was fined, among other things, for the fact that operators who had withdrawn their consent to receive marketing calls continued to be contacted by operators with marketing proposals.
But a small fine of 100 euros was paid by one Austrian bank. The bank employee made a copy of the identity card of the bank client who wanted to exchange 100 euros in foreign currency and justified this with the anti-money laundering rules. However, they only apply to amounts of 1000 euros or more.
The head of the Digital Association also denied some myths related to GDPR and popular.
1. "We are in Ukraine - we have nothing to be afraid of." Regardless of where the company is located, if it processes the data of Europeans, then sooner or later, if the principles of the GDPR are not observed, it will be held liable.
2. "Fines will ruin the business." It all depends on how the GDPR requirements are implemented and applied in practice. Fines can be large or small.
3. "The data received before the introduction of the GDPR does not fall under its effect." As an example, the Italian telecom operator Tim collected data from 2017 to 2019, and as a result, the company was responsible for the entire period.
4. "The GDPR no longer gives control to the data subject."
5. "GDPR is holding back the development of IT technologies."
6. "Implementing the GDPR is burdensome for businesses." The business will have to spend money on the implementation of the GDPR and compliance with all requirements, however, firstly, the costs will depend on the size of the business. Secondly, sooner or later it will have to be done.
As a reminder, GDPR Summit 2021 took place on October 7. The conference brought together leading experts from banks, microfinance organizations, fintech and IT companies, and the public sector. The GDPR Summit 2021 was organized by the Ukrainian Interbank Association of EMA Payment Systems Members and the FinTech-magazine PaySpace Magazine. The event was supported by Moneyveo (Fintech sponsor), Nota Group, PSP Platon, Digital Ukraine.
