Back to blog

How the Data Giants Became GDPR Compliant

Avatar
Written by
Alex Margolin
| May 17, 2018
Mobile Phone Image
Table of contents

In just a few days the General Data Protection Regulation (GDPR) takes effect. Many wonder how the data giants of the world will maneuver  the inevitable scrutiny to be faced once the regulations are implemented by virtue of the vast quantity of information collected and stored.

Once the GDPR goes into effect, these data giants will have to prove that the changes they made to their companies ensure an individual’s right to access, edit, download (in machine readable format) and remove all of their personal information with ease.

Facebook Privacy Policy Changes

Facebook manages a tremendous amount of personal data for over 2.19 billion users worldwide, with 2.74 billion active monthly users, making it the largest social media site and one of the largest data giants in the world.

In recent months Facebook has transformed their data management policies drastically. This can be attributed to a combination of the impending GDPR, as well as the recent Cambridge Analytica scandal revealing that a political consultancy group had harvested the personal information of over 50 million Facebook users.

One of the main changes Facebook implemented to ensure compliance and transform data management practices is ensuring all users understand their data collection practices and provide explicit consent  to continue collecting their data. The new changes to the Facebook Privacy Policy detail exactly how the information collected is used, however the policy also makes opting out more challenging for individuals as revealed in a recent TechCrunch expose.

These changes give individuals much more control over their personal information, such as the providing individuals with an easy way to view and download all of their personal information from the site, including photos and posts, move them from the social media site and even delete them entirely. Facebook also allows users to opt in or out of their facial recognition feature and block targeting based on behavior exhibited outside the social media site.

Overall, these changes are a step in the right direction and other companies managing personal information will have no choice but to adapt their policies and practices accordingly.

LinkedIn – How the Largest Professional Network Tackles Compliance

LinkedIn, the largest professional digital network in the world, stores and manages personal information of over 546 million users, many of which are European citizens. As a large processor of personal data, LinkedIn has modified their platform to ensure GDPR compliance at all levels.

To meet one of the top GDPR concerns, LinkedIn has created a new way for individuals to download all of their personal data without a formal request. The new policy recognizes that “your LinkedIn data belongs to you” and lets users easily select what data files they want to download.

LinkedIn also simplified deleting personal information by ensuring complete deletion once a “close account” request has been made. As part of the minimization policy, LinkedIn also expresses to users what information they collect (all of which is available for download).

Much like Facebook, the new privacy policy LinkedIn implemented is available to all LinkedIn users worldwide, strengthening the notion that we are entering a new era of data security and information management.

The Biggest of the Big – Google gets GDPR Ready

While Facebook and LinkedIn store and manage their fair share of personal information, no other company has as much control of personal and sensitive information as Google.

Google recently revealed their commitment to the GDPR and the various steps that they have taken to ensure complete compliance. Some of the steps include the new deletion feature for all google cloud platform users, ability to export information and more.

In addition to ensuring they meet the rights to access, deletion and portability, Google directly addresses the use of sub processors as part of their compliance policy. Since under the GDPR, Google would be directly responsible for sub-contractor violations, the company has committed to rigorously screen all subcontractors to ensure they can deliver the security and compliance levels demanded by Google (and the GDPR).

Since personal information shared via email is also subject to the GDPR, Google has unveiled a new service to further protect information shared via email – a “confidential mode” that makes it difficult to forward, copy, print or download information received via gmail. Additionally, Google has adjusted its cloud services to ensure all information stored via Google’s cloud is done so in a GDPR compliant way.

Like Facebook, much of the changes made by Google were designed to clarify what information is collected, how it is used, and to get explicit consent from users to continue using cookies, processing personal data, personalizing ads etc. Google’s new EU User Consent Policy also provides clear instructions for users to remove their consent as well as what third parties have access to their information and how to remove that as well. The Catch-22 situation here is that failure to comply will result in limited account activity or account suspension.

The GDPR is Here – Are you ready?

While the data giants are going to be under in-depth scrutiny by the GDPR authorities, they aren’t the only ones who have to comply. Every company that processes information about European citizens – whether they are clients, employees or users  – will have to ensure the information is stored, managed and collected in compliance with GDPR.

While the GDPR is only enforced for EU citizens, companies that want to show their clients and employees they care about their information will follow in the footsteps of the giants and ensure the new policies apply to everyone. Many also believe that other countries will follow in the footsteps of the EU soon and implement their own data privacy laws, making it a soon-to-be global issue.

As for us? We’re here to help you manage your growing global workforce and payroll management needs while keeping 100% GDPR compliant.

Contact Papaya today for more information about how our platform can help you meet the new regulations by managing your employee information in a way that is both secure and compliant.

Get Free Enterprise Playbook for Global Payroll

See what business outcomes you can get from automating global payroll

Download Free Playbook
Calculate gross to net cost
Explore compliance laws in 160+ countries
Find the right employment model overseas with the decision tree

Boost productivity
and performance

Papaya’s global payroll technology thinks about everything. So you can focus on what matters–your business.

Get a Demo

Related posts

Employee Data Processing
Security

Employee Data Protection – Legal Obligations and Practices 

Protecting employee data is crucial for any business. Therefore i's important to ensure that your organization has the right systems
Read full story
Data_processing_agreement
Security

What is a GDPR Data Processing Agreement?

A DPA ensures that the company is compliant with applicable laws and regulations regarding data protection. Here is everything you
Read full story
Compliance

5 Countries to Legalize Same-Sex Marriage & Its Implications for Payroll

If you’ve ever heard a grumpy singleton bemoan that “marriage is just a savvy business arrangement anyway”, you’ll know that
Read full story

What are you looking to do?

Hire Employees
Pay Employees
Manage Contractors