Secure Privacy Leverages New GDPR Ruling To Help Companies Comply
The European Union recently passed a new landmark General Data Protection Regulation (GDPR). This marks a shift for the region, in which companies have to consider the protection of private information and how it can be regulated. Essentially, it has created a new niche that Dan Storbaek has taken advantage of to launch a startup, Secure Privacy, which will help companies comply with this new regulation. We had a chat with the founder about what the new regulation means and how his startup is going to navigate the space.
GENERAL DATA PROTECTION REGULATION
Our first question to Dan Storbaek is what the regulation really means, when it takes effect and how Secure Privacy fits into the whole scenario. He says, “GDPR (General Data Protection Regulation) is a new landmark privacy regulation by the EU. It goes into effect in all EU member states by May 2018 and is a seismic shift in how companies should deal with private data. Very early, we realized in our company Skarpline (startup) how massive this is as we’d been having issues of our own.”
This realization sparks a new momentum at Skarpline and the company decides to build Secure Privacy.
“In short, SecurePrivacy (secureprivacy.ai) helps clients to make their website GDPR compliant,” he remarks. “Instead of seeing this as a compliance issue, we took it as a business opportunity. E.g. are you using Google Maps, Google Analytics, Facebook ads or similar? Then you are tracking visitors and most likely also EU citizens. Unlike other GDPR/Privacy software vendors, our product is as simple as entering a website URL to get started. It’s basically about 1) doing a website scan, 2) setting up intelligent and granular notification and 3) monitoring website changes and notifications accordingly.”
Skarpline has been specializing in a lot of ‘fast moving technology’ as he calls it. It was therefore easy to move into this new space created courtesy of the landmark regulation and begin to pioneer the space.
“We are first movers with significant technology established, e.g. deep scanning (1000+ plugins across 50+ categories), screen grabbing technology, fingerprint technology/identification and more,” he says. “Now moving into AI. The solution that we are providing at Secure Privacy is tailored around GDPR to ensure companies avoid the UX nightmare when they implement GDPR solutions on their website,” he continues.
GDPR’S EFFECTS AND WHICH COMPANIES SHOULD BE MOST CONCERNED
Around the world, thousands of startups handle private data about people. It is not just startups; massive companies like Apple, Google, Facebook and Amazon all store private information about citizens.
“GDPR does not only affect EU companies. It involves any company dealing with data about citizens. Who would be most likely to have that? US tech companies are at the top. Think ad tech companies, e.g. Facebook and Google. They have a massive amount of data,” Storbaek comments. “They can’t specify why they needed it, only to state they need to show an ad 6 months later. Those who should be most concerned are 1) those not realizing how comprehensive it is and 2) have lots of data 3) don’t have an overview of their systems, data and what/why they collect the data 4) don’t care what’s coming from the other side of the Atlantic Ocean.”
As with any other technology or idea, common misconceptions exist. While in the startup world these misconceptions can sometimes be ignored and services keep running even in new markets, Dan says that startups and companies around the world should protect the data of their customers. He lists for us the misconceptions about GDPR as follows:
- Many don’t know about it. A survey of 1350 companies around the world by cybersecurity consulting firm NTT this spring found that a lot of them have no clue about this yet.
- People think it involves EU companies only.
- Pre-checked checkboxes are not allowed (not affirmative action).
- Some think it’s the cookie law over again. It’s much more than that. GDPR doesn’t care about cookies. It cares about how you handle your data. Cookies are to be eaten. Not to be stored.
- Consent: One of the big concepts that GDPR morphs is consent. Companies already need consent to process someone’s data, but until now they only had to ask once, and that covered all uses. Not anymore. GDPR’s ‘unbundled’ consent means getting separate permission to use customer data for different things, such as marketing, maintenance, fraud checks and support. Documentation is also stricter: businesses must record when that consent was given. Neither can service providers assume consent by ‘pre-ticking’ boxes and forcing people to untick them. Instead, they must make consent clear in legal contracts.
- Right to erasure: Any consent a customer gives isn’t automatically forever, either. Another key change under GDPR is the right to erasure (sometimes called the ‘right to be forgotten’). It lets individuals withdraw consent, meaning that a company would have to delete any information it held about them. Those concerned that their data is inaccurate can also restrict its processing instead of requesting its deletion, essentially freezing it while they sort things out.
- Many see it as a compliance issue and not as a business opportunity. The most innovative companies will increase trust and gain from this.
- People focus on gathering consent. But GDPR mandates that people should be able to opt out of consent equally easily. We support that.
CONSEQUENCES OF NON-COMPLIANCE TO GDPR
“Fines are up to 4% of global turnover or EUR 20 million – whichever is greatest. Think 4% of Google’s turnover (not profit),” he remarks.
It is more than clear that the fines are immense. For existing companies that have not yet complied, there is a remedy and a timeframe to put things right before the new regulation comes into effect from May 2018. As the founder says, “Companies who have gathered data in the past years cannot use this data without getting NEW relevant regulation-specific consent from their users.”
EFFECTS ON SMEs AND STARTUPS
For startups that might not have as much turnover and cash in the bank as Google or Facebook, the magnitude of the fines makes non-compliance even worse. The emphasis is usually on operating within the confines of the laws governing your region or country. GDPR is definitely one of those.
Storbaek recommends, “Get consent from your EU citizens. Think how you manage data and how you can gain business with European companies. Complying automatically sets you apart from your competitors. It will spread to other countries, so better be serious about it now than dealing with it later when you could have lost a couple of business opportunities already.”
SECURE PRIVACY’S BENEFITS FOR COMPANIES
As a new startup, Secure Privacy is obviously going to be needed in the coming few months by companies looking to comply with the GDPR. While you can get your needs sorted in terms of compliance, Storbaek says there is a lot more you can get from the Secure Privacy service, and he lists these benefits as follows:
- Get to our website and scan your website for legal risks.
- Avoid a UX nightmare
- A granular consent system, which can be tailored to show notifications (legal and non-legal).
- Simple cloud setup.
- Documentation and reporting options.
- Visual screenshots with our screen grabbing technology of the actual consent being made.
- Opt-out functionality with a widget placed on your privacy page.
SECURE PRIVACY’S PLANS FOR THE FUTURE
As we conclude our chat with the founder, we delve into what the field looks like for the company as it takes on this new challenge. He goes on to list for us the future goals for Secure Privacy:
- To build technological partnerships with both European and American privacy companies.
- To expand sales overseas in the US.
- To open more offices in the EU and US.
- Being in the forefront of technology, we’ll continue to leverage this. Expanding our efforts into machine learning and AI.