How the Data Giants Became GDPR Compliant
Alex Margolin | May 17, 2018
In just a few days the General Data Protection Regulation (GDPR) takes effect. Many wonder how the data giants of the world will handle the scrutiny they will inevitably face once the regulation is in force, given the vast quantity of information they collect and store.
Once the GDPR goes into effect, these data giants will have to prove that the changes they made to their companies ensure an individual’s right to access, edit, download (in machine-readable format) and remove all of their personal information with ease.
Facebook manages a tremendous amount of personal data for over 2.19 billion users worldwide, with 2.74 billion active monthly users, making it the largest social media site and one of the largest data giants in the world.
In recent months Facebook has transformed their data management policies drastically. This can be attributed to a combination of the impending GDPR, as well as the recent Cambridge Analytica scandal revealing that a political consultancy group had harvested the personal information of over 50 million Facebook users.
These changes give individuals much more control over their personal information, such as providing them with an easy way to view and download all of their personal information from the site, including photos and posts, move it off the social media site and even delete it entirely. Facebook also allows users to opt in or out of its facial recognition feature and to block targeting based on behavior exhibited outside the social media site.
Overall, these changes are a step in the right direction and other companies managing personal information will have no choice but to adapt their policies and practices accordingly.
LinkedIn – How the Largest Professional Network Tackles Compliance
LinkedIn, the largest professional digital network in the world, stores and manages personal information of over 546 million users, many of whom are European citizens. As a large processor of personal data, LinkedIn has modified its platform to ensure GDPR compliance at all levels.
To meet one of the top GDPR concerns, LinkedIn has created a new way for individuals to download all of their personal data without a formal request. The new policy recognizes that “your LinkedIn data belongs to you” and lets users easily select what data files they want to download.
LinkedIn also simplified deleting personal information by ensuring complete deletion once a “close account” request has been made. As part of the minimization policy, LinkedIn also tells users what information it collects (all of which is available for download).
The Biggest of the Big – Google gets GDPR Ready
While Facebook and LinkedIn store and manage their fair share of personal information, no other company has as much control of personal and sensitive information as Google.
Google recently revealed its commitment to the GDPR and the various steps that it has taken to ensure complete compliance. Some of the steps include the new deletion feature for all Google Cloud Platform users, the ability to export information and more.
In addition to ensuring it meets the rights to access, deletion and portability, Google directly addresses the use of sub-processors as part of its compliance policy. Since, under the GDPR, Google would be directly responsible for subcontractor violations, the company has committed to rigorously screen all subcontractors to ensure they can deliver the security and compliance levels demanded by Google (and the GDPR).
Since personal information shared via email is also subject to the GDPR, Google has unveiled a new service to further protect information shared via email – a “confidential mode” that makes it difficult to forward, copy, print or download information received via Gmail. Additionally, Google has adjusted its cloud services to ensure all information in Google’s cloud is stored in a GDPR-compliant way.
As with Facebook, many of the changes made by Google were designed to clarify what information is collected and how it is used, and to get explicit consent from users to continue using cookies, processing personal data, personalizing ads, etc. Google’s new EU User Consent Policy also provides clear instructions for users on how to withdraw their consent, which third parties have access to their information, and how to remove that access as well. The Catch-22 situation here is that failure to comply will result in limited account activity or account suspension.
The GDPR is Here – Are you ready?
While the data giants are going to be under in-depth scrutiny by the GDPR authorities, they aren’t the only ones who have to comply. Every company that processes information about European citizens – whether they are clients, employees or users – will have to ensure the information is stored, managed and collected in compliance with GDPR.
While the GDPR is only enforced for EU citizens, companies that want to show their clients and employees they care about their information will follow in the footsteps of the giants and ensure the new policies apply to everyone. Many also believe that other countries will follow in the footsteps of the EU soon and implement their own data privacy laws, making it a soon-to-be global issue.
As for us? We’re here to help you manage your growing global workforce and payroll management needs while keeping 100% GDPR compliant.
Contact Papaya today for more information about how our platform can help you meet the new regulations by managing your employee information in a way that is both secure and compliant.