Five ways the GDPR will impact your tech business

 
Leaders in Tech is a group of managers and thought leaders who regularly get together to discuss current tech trends, share knowledge, learn new things and network. Our final Munich event of 2017 will be held on Wednesday 6th December in our brand new office at Lenbachplatz 1.
 
The topic this time will be all things security and data protection, including an overview of the upcoming GDPR, which will come into force on 25th May 2018.
 
This change in regulation could have any number of implications for businesses of all shapes and sizes. Torsten Rammelmann from Solvectio GmbH will give us a more in-depth insight into the changes and their respective ramifications on 6th December, but for now, we have put together a summary of the issues we have become aware of at Austin Fraser, as we ourselves prepare for 25th May.
 
Five ways the GDPR will impact your tech business
1. Consent
The Regulation has maintained the current definition of ‘unambiguous’ as the legal basis for consent for processing non-sensitive data. However, the new rules mean that businesses that gather users’ data for a specific purpose will not be allowed to transfer or share this data for a different purpose without the user’s explicit consent. This could inhibit the ability of businesses to innovate with existing data. Explicit consent will also be required for the processing of sensitive data.

A consequence of the new legislation is that businesses will need to seek consent (unambiguous or explicit) more often from customers. A concern about this is that it could lead to ‘consent fatigue’ and the kind of ‘meaningless consent’ people provide when they click away cookie reminders on websites. The implementation phase will need to look closely at how practical consent requirements will be for emerging technologies such as the internet of things (IoT), which are not web-based and have no obvious user interfaces.
 
2. New liabilities and obligations for data processors
A significant change in the new rules is that data controllers and processors will be jointly liable for any breach of the Regulation.

Joint liability will extend responsibility beyond the companies that collect and use personal data. Cloud providers, data centres and processors will now be liable for data held on their services. Given that data processors will have little visibility over whether the data collected by data controllers is compliant with the new Regulation, managing the legal implications of this requirement within contracts between controllers and processors will be difficult and potentially costly. This means that customers, particularly SMEs, will be faced with higher costs. Consumers will also be faced with a complex legal environment with less clarity around who is liable in the case of data breaches. National data protection authorities will need to work closely with industry to develop best practice model contracts to help streamline compliance with joint liability requirements as much as possible.
 
3. Restrictions on the use of ‘legitimate interest’ as legal basis to process data
Many companies currently rely on the legal concept of ‘legitimate interest’ as a legal basis to lawfully process personal data. The new rules restrict the instances where legitimate interest can be used as a legal basis for processing. Companies will have to ensure that any data processed under this legal basis is compliant with the now more restricted requirements and reflects member state law. Legitimate interest is a key enabler of the digital economy and underpins a company’s ability to combat cybercrime and fraudulent activity. Restrictions on its use as a basis for data processing could prove problematic for many businesses.
 
4. New restrictions on the use of profiling to support products and services
Many companies rely on profiling, and on automated decision making based on profiles, to develop cost-effective real-time personalised services that benefit customers. The new Regulation will limit the use of profiling in circumstances where its use may lead to ‘legal effects’ and could mean that companies offering financial services, for example, are unable to use fully automated profiling without some form of human review. Automated profiling will be allowed in certain circumstances such as fraud detection and public services, or where provided for in national law.

The new rules could be problematic for many FinTech companies, as they will make it more difficult for companies to offer some personalised financial and insurance services to consumers. They could also make it harder for companies to detect and prevent fraudulent activity, which cannot feasibly be done manually.
 
5. Innovation and further processing
In a digital economy, innovation depends upon the ability to use existing data to see and understand the world differently. The new Regulation imposes stricter limits on such further processing, which will make it more difficult for many organisations to drive innovation.

There are differences of interpretation about the precise meaning of this Article and how it impacts the ability of companies to develop new innovative services based on existing data. However, given the severity of fines that could be imposed if companies are found to be in breach of the Regulation, legal certainty will be essential for unlocking innovation.
 
If you would like to find out more about GDPR and the impacts on your business then join us for the final Leaders in Tech event of the year on the 6th December by signing up here.
Here is what you can expect from the night:

19:00 Arrive

19:00 – 19:30 Networking and Glühwein

19:30 – 19:45 Security Testing – A presentation by Jürgen Unterreitmayer

19:45 – 20:00 GDPR an Overview – Torsten Rammelmann

20:00 – 20:15 Live Hacker Demo

20:15 – 20:30 Q&A, Discussion

20:30 – 21:00 Networking

What a fantastic year it has been for Leaders in Tech. Our thriving community in Munich now has over 450 members; together we’ve discussed developments in IoT, Agile, and the Digital Revolution with some fantastic speakers, whilst gin tasting, BBQing on the roof terrace, and celebrating Oktoberfest. Off the back of our success in Munich we have now also launched Leaders in Tech in Berlin, Stuttgart and Reading, UK, and have plans to further expand.
Find your nearest Leaders in Tech Meetup and join the community here.