GDPR: what’s good for your customers is good for you

Jolette Roodt|14 February 2018

Organizations across Europe – and, in fact, the rest of the world – would be forgiven for seeing compliance with the European Union’s General Data Protection Regulation (GDPR) as just another burden on their already overstretched resources. The European finance industry has barely cleared its previous regulatory hurdle, the Revised Payment Services Directive (PSD2), which came into force a month ago, and now GDPR is demanding its full attention. Is there light at the end of this tunnel?

The bad news

To comply with the new requirements of GDPR, organizations that handle customer data must implement the following measures:

  1. Before using a customer’s personal data, the organization must request that customer’s consent in an intelligible and easily accessible way. The customer must also be able to withdraw this consent easily.
  2. Customers, if they ask, must be told whether their personal data is being processed by the organization, and for what purpose.
  3. The organization may not refuse customers who request a file of their personal data in order to transfer it to a different organization.
  4. The organization must keep the data it stores and processes, as well as the number of persons who access this data, to an absolute minimum.
  5. Customers must be informed of a data breach within 72 hours of the organization becoming aware of the breach.
  6. The organization must, if the customer requests it or withdraws their consent, erase that customer’s personal data from its records and stop using or distributing it.

Organizations that do not have these measures in place by 25 May 2018 can expect to be fined heavily (up to $28 million).

While GDPR is a creation of the European Union, its requirements apply not only to businesses located in Europe, but to any business in the world that stores or processes the personal information of EU citizens. This makes GDPR a bigger deal, in many respects, than PSD2. Even Facebook is overhauling its privacy settings to bring them in line with GDPR’s requirements – a move that is now imperative given that consumer watchdogs in France, Spain and Germany have already fined the organization for unauthorized data usage.

The good news

The introduction of GDPR will mean better data protection – an undoubted win for customers. And while, on the surface, this regulation may appear to bring nothing but trouble for organizations, there is actually a long-term upside to it for them as well.

When your brand is what customers see when they are asked for consent to use their personal data, your brand will be what they associate with the feeling of empowerment those requests give them. Your branding will be a visual reminder of the fact that they are protected, that they are in control. This creates a relationship of trust. Furthermore, since GDPR requires non-repudiable proof of all responses to consent requests to be stored, any disputes over consent can be easily resolved.

Central to a successful implementation of GDPR compliance will be how you choose to ask your customers for consent. With Entersekt’s technology, providing or refusing consent is as easy as accepting or rejecting a push-based request on the mobile device. The customer is never subjected to cumbersome and time-consuming authentication processes, while our strong public-key cryptography ensures that all consent responses are digitally signed for your records.
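The signed consent record described above, sketched as an added example that is not Entersekt’s code: a device holds an Ed25519 key pair registered with the organization, signs each consent answer over a canonical encoding, and the organization stores the answer with its signature so that a later edit to the stored record (or a signature from an unregistered key) is detectable. The record fields, the server-issued nonce and the use of JSON as the canonical form are assumptions for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// ConsentResponse is a hypothetical record of one answer to a consent request.
// Field order is fixed, so json.Marshal yields a canonical byte string to sign.
type ConsentResponse struct {
	CustomerID string `json:"customer_id"`
	Purpose    string `json:"purpose"`
	Decision   string `json:"decision"`  // "granted" or "withdrawn"
	IssuedAt   int64  `json:"issued_at"` // unix seconds, device clock
	Nonce      string `json:"nonce"`     // server-issued challenge; stops replay of an old answer
}

// SignedConsent is what the organization keeps for its records: the response,
// the device's signature over it, and the public key the device registered with.
type SignedConsent struct {
	Response  ConsentResponse
	Signature []byte
	DeviceKey ed25519.PublicKey
}

func canonical(r ConsentResponse) []byte {
	b, err := json.Marshal(r)
	if err != nil {
		panic(err) // struct of plain strings and ints cannot fail to encode
	}
	return b
}

// SignConsent runs on the customer's device, which alone holds the private key.
func SignConsent(priv ed25519.PrivateKey, r ConsentResponse) SignedConsent {
	pub := priv.Public().(ed25519.PublicKey)
	return SignedConsent{Response: r, Signature: ed25519.Sign(priv, canonical(r)), DeviceKey: pub}
}

// VerifyConsent is what the organization runs when a dispute arises: the stored
// record must still match a signature made by the key registered for that customer.
func VerifyConsent(registered ed25519.PublicKey, s SignedConsent) bool {
	if !registered.Equal(s.DeviceKey) {
		return false // signed by some other key; not this customer's device
	}
	return ed25519.Verify(registered, canonical(s.Response), s.Signature)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed device key for the demo
	rec := SignConsent(priv, ConsentResponse{"cust-42", "marketing-email", "granted", 1526256000, "n-1"})
	fmt.Println("stored record verifies:", VerifyConsent(pub, rec)) // true
	rec.Response.Decision = "withdrawn"                             // an edited record no longer verifies
	fmt.Println("tampered record verifies:", VerifyConsent(pub, rec)) // false
}
```

A withdrawal is not an edit to the original record but a second signed response with Decision "withdrawn" and a fresh nonce, so both the grant and the withdrawal remain provable.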

Complying with GDPR can either be no more than your next regulatory headache, or it can offer you a whole new way of interacting with your customers. You can race against time to meet all of the GDPR requirements by May – or you can choose a partner with a proven track record of making organizations’ authentication wishes their command.

About the author

Jolette Roodt
