EAE News
-
Experiencia EAE
Data protection: “The GDPR sets penalties of up to 10 million euros”
25 de February de 2020
How do companies use our data and how can we protect it better? Find out with the Telefónica executive, Miguel Avellaneda
How can we protect personal data?
The protection of data and its use (or misuse) at a business level was the focus of the discussion at the Madrid Campus of EAE Business School in a session presented by Miguel Avellaneda Díaz, the Director of People Analytics in the Human Resources Department of Telefónica, on 18th February. The delicate balance that need to be struck when processing the personal data that we give to companies and the most common mistakes that are made, also at a user level, were among the aspect covered in a session designed to raise the participants’ awareness of the fine line between data protection and the violation of personal privacy.
“Every action that requires personal data to be gathered, processed or even consulted that strays from its initial purpose runs the risk of committing a crime”.
The recommendations made by Avellaneda during his presentation highlighted the lack of training given in an area as important as privacy. Every action that requires personal data to be gathered, recorded, modified, deleted or even consulted that strays from its initial purpose runs the risk of committing a crime, warned Miguel Avellaneda.
That is at least the case since the application in Spain of the European Union’s General Data Protection Regulations (GDPR), a pioneering piece of legislation designed to standardize personal data protection across Europe, while also imposing harsher penalties for non-compliance.
“The new regulations set penalties of up to 10 million euros in minor cases and up to 20 million for serious offences”.
Under these regulations, in 2019, the giant British Airways faced a fine of 205 million euros for suffering a cyber-attack on its customer database. The new regulations set penalties of up to 10 million euros (or 2% of the company’s annual turnover, whichever is higher) in minor cases, and up to 20 million (or 4% of turnover) for serious offences.
However, these large-scale security beaches should not distract us from the day-to-day problems we face in this respect, warned Avellaneda. He explained that simply losing a laptop or pen drive with sensitive information on, or mistakenly sending personal data by email to a third party in a company could leave you facing a fine under these regulations, particularly if you do not notify the Data Protection Agency of the incident.
But what do we mean by personal data? Any information on your geolocated whereabouts and your IP (electronic device identifier) right through to the unique personal codes you receive at work or from the public administration, even your medical records, which are classified as the “most sensitive” data under the new regulations.
“Data can be used by companies on the condition that they explain to the user what they are requesting the data for”.
Of course, this data can be used by companies on the condition that “they explain to the user what they are requesting the data for and what it is going to be used for”. According to Avellaneda, data is gathered for “a specific purpose”. “They are processed and then, after a reasonable period, they have to be deleted”.
“It is not your data, it is your customers’”, clarified Avellaneda. He went on to discuss “data cemeteries”, long-term warehouses for customer and personal data that is kept “just in case”, but which also breach these European regulations.
“Data protection will gradually increase at a global level”.
The future of our data seems to be in safe hands in the European Union. But Miguel Avellaneda believes that data protection will also gradually increase at a global level. This is a trend that has already begun and is demonstrated, in Avellaneda’s opinion, in the projects under way in Brazil and certain states of the USA, such as California.
However, in view of the avalanche of doubts and queries that arise when we process data, Avellaneda advised using common sense. “If you stop any think and have a dilemma regarding how to use this data, if you apply some common sense, you’ll generally get it right”, he concluded.