According to “global data governance and ethics” company Acxiom, there are five common misconceptions regarding compliance with GDPR, the European body of law on personal data, which will be enforced beginning May 25.
Misconception: GDPR will only affect Europe-based organizations
Data is global. That is, data is globally-harvested and globally-stored. If any part of the data your organization uses was captured in Europe, or is hosted on European servers, GDPR may apply.
Furthermore, some of Europe’s top trading partners are considering establishing similar regulations in the future.
Fines for non-compliance with GDPR could amount to up to €20 million, or 4% of global annual revenue, whichever is higher.
Misconception: GDPR only covers personal data that can identify a person
According to Acxiom’s legal team, GDPR does not differentiate between any kind of data provided by a person and that which can be used to identify them. As compliant companies must be able to remove all the user data upon request, they must be able to link identifiable and non-identifiable data to a profile.
Misconception: A “Legitimate interest” clause exonerates companies from requesting user consent
While the law does consider the possibility of “legitimate interest,” a situation in which the company uses personal data in the user’s best interest before they consent to it, there is not a clear-cut way to determine when this is the case. It is expected that, when in doubt, judges will rule in favor of explicit consent.
Despite no evidence of misappropriation of personal data, Acxiom was one of the partners of Facebook that cut ties with the organization as a response to the Cambridge Analytica scandal. Until the announcement, Acxiom provided data to Facebook, not the other way around. The decision is expected to severely hurt Acxiom’s results and stock prices for the year.
Read the full list by downloading “GDPR: What U.S. Companies May Be Getting Wrong” (PDF, requires sign-up).