About GDPR
The new EU data protection regime extends the scope of the EU data protection law to all EU and foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier also for non-European companies to comply with these regulations.
|
In Startup Ecosystem Context
For context, GDPR applies to
- all government digital services that are handling individuals data (EU citizens), including students, talent, entrepreneurs, investors, mentors, speakers etc.
- all support service functions and organizations digital services recording user data and users transactions, like; CRM's, event systems, job boards, discussion forums, productivity tools, investor networks, application processes, social networks, etc.
- all existing companies, new companies and startups providing or building digital services for individual users
"The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify regulations for international businesses by unifying the requirements for data protection across the EU."
Under EU rules, you have the following rights or obligations:
As an Individual:
|
As a Data Controller:
|
"According to the European Commission, by 2020 the value of personalized data will be 1 trillion euros, almost 8% of the EU’s GDP. Global data economy is predicted at 3 trillion."
GDPR In Practise
- The spirit of the GDPR is to enable users to have better practical rights to control their data. To have their data for them, to have it removed, make it portable between services and more.
- However users need tools to be able to do so AND there needs to be connections between services and these tools build OR it will not be very practical for user or services, and therefore benefits would be very limited
- With good tools and connectivity, the data management, control and flow can be real time, automated and multidirectional between services, while also being GDPR compliant and really enforcing the spit of the regulation
A person shall be able to transfer their personal data from one electronic processing system to and into another, without being prevented from doing so by the data controller. Both data that has been 'provided' by the data subject, and data that has been 'observed' — such as about their behaviour — is within scope. The data must be provided by the controller in a structured and commonly used Open Standard electronic format.
Benefits of GDPR
What are the benefits of GDPR related to entrepreneurship, innovation & startup ecosystems.
European Wide Coverage
Effective since 25 May 2018, unlike a directive, it does not require any enabling legislation to be passed by national governments and is thus directly binding and applicable. A single set of rules will apply to all EU member states.
"Organizations that fail to achieve compliance could be fined up to 4% of annual revenue or €20,000,000 (whichever is greater)"
Sources: European Commission 2018 reform of EU data protection rules, Data protection and Wikipedia
"Organizations that fail to achieve compliance could be fined up to 4% of annual revenue or €20,000,000 (whichever is greater)"
Sources: European Commission 2018 reform of EU data protection rules, Data protection and Wikipedia
"We believe that the model of how digital services are build today with multiple barely maintained user accounts with poor data in various systems, will need to change into user-centric "User Accounts As A Service" with quality data & API connections between users and their preferred services."