Welcome back to the last page of the 2021 'My Data Protection Diary'.
Another challenging year is now over... For each of us there will have been days full of success and others full of challenges that have accompanied us in during the seasons this year.
For the last page of my diary for 2021, I will talk about the news from the world of data protection that has fascinated and amazed me the most in the last 12 months.
Have you heard about the 'WhatApps case'? I am sure that 99% of you, however, use it daily, indeed it seems to be almost essential ... how many of you could live without it? I imagine, not many...
And if there have been a lot of challenges in the last 12 months for us all, the Irish supervisory authority (SA) have faced a fair few additional challenges…
WhatsApp is one of the most used apps in the world, allows its users to stay in touch wherever they are. At the end of the summer 2021, it was fined € 225 million for failing to comply with the basic principles of the General Data Protection Regulation (GDPR): WhatsApp had not adequately described its legitimate interests to data subjects for the processing of personal data, as required under article 13 (1) (d) of the GDPR.
Wow... € 225 million fine for all of this!
Pen in hand and open ears, ready for my session with Kellie. Join us too, top tips and information from our expert is on its way.
K.P.: An excellent question I would say, given that the WhatsApp case was not the only one in this area during 2021.
The personal data referred to often includes the user's name, surname, or e-mail address, as well as any non-essential cookies, such as those used by Google Analytics.
- The type of data collected (e.g. Name, e-mail);
- The identity and contact information of the individual responsible for data protection within the organisation;
- Details of any third parties who will have access to this data (e.g. Facebook, Google);
- The purposes for which the data is collected (e.g. advertising, sending newsletters, statistics);
- Users' rights.
In addition to this information, the document must be written in a concise and simple language. If WhatsApp is used by children (under the age of 18 in the UK), the information contained within the document must also be understandable to them.
Creating a Policy which complies with GDPR requires detailed work from the organisation. When we do this, we work very closely with the team to ensure we understand what data processing takes place, and why, so that the policy correctly reflects their activities. The cost is not perceived to be competitive when compared with a template that can be purchased online and your company name inserted to make you ‘compliant’. What's the biggest risk Kellie?
K.P.: Excellent question, the template is a potential risk which could lead to authorities fining organizations. And why?
A template downloaded online is certainly more convenient, but the risk associated with its use is high, let's examine why:
- The template is pre-prepared and therefore it is not relevant or tailored for all sectors, because the needs of your company will be different from those of another in another sector.
G.P.: From a marketing perspective, let me say that if you want your product or service to be high quality, you have to make sure that your processes also comply with regulatory standards and are professional.
People buy your brand and therefore the process behind it.
At the end of my chat session, Kellie could you list us which top tips to avoid fines like the case of WhatsApp?
K.P.: I love to share useful top tips, Giulia.
I will share the most essential ones from a data protection point of view:
- If you are tempted to download a ready-made template for its affordable price, remember that WhatsApp has been fined € 225 million for not complying with the GDPR.
It's not just about ticking a box though, proper consideration of the information you share with your stakeholders means you'll build a good, trusting relationship with them and they won’t be concerned about what you are going to do with their data.
Thanks Kellie for our last session together for this 2021.
It was nice to get useful information on current topics that interest us all.
Thanks to you who have read the pages of my 2021 diary ... stay tuned, something new is coming for 2022.
In the meantime, I hope you toast your successes this year and recharge your batteries ready for 2022.
Merry Christmas and Happy New Year!