May 19, 2018

What The GDPR Means For The Sharing Economy

As you may have seen in recent headlines, especially if you live in Europe, the General Data Protection Regulation (GDPR) is set to roll into effect on May 25th, 2018. The GDPR is a new set of laws first adopted by the European Parliament and European Council in 2016. Businesses have had two years to prepare themselves for the new regulations.

As the name suggests, the GDPR deals with data use in Europe and includes new rights individuals have to their own data, as well as mandatory guidelines for businesses handling user data. If a company collects data on any person in Europe, they must comply with these regulations. Businesses must take extra care to ensure that they are compliant with the new regulations. GDPR authorities have promised to levy heavy fines against companies that don’t fully comply with the new rules.

Sharing economy businesses, in particular, must prepare early on for compliance with the GDPR. Sharing platforms rely on user data to survive, as their users must be able to view information about other users before deciding to engage in a transaction. Entrepreneurs must adjust their business strategies and resource allocation to fully comply with the GDPR. Those worried about compliance may want to contract out their data storage and management to an outside firm that they know is fully compliant with the GDPR – such as deemly. Sharing startups must also plan ahead for the addition of a Data Protection Officer to their teams. GDPR authorities have signaled that they will levy heavy fines against companies that do not comply with the new rules. Sharing entrepreneurs should take note because large fines have the potential to sink their businesses.

Under the GDPR, certain companies and public authorities processing large amounts of data must add a Data Protection Officer (DPO) to their team. DPOs train a company’s staff in best data security practices, serve as a point of contact between the company and GDPR authorities, and have many other compliance-related responsibilities. Adding a new, senior-level staff member can be costly, but luckily the same DPO may service multiple entities as long as that DPO is easily accessible to each company.

The demand for DPOs might give rise to specialty consulting firms that contract out DPOs to companies.

What Does The GDPR Mean For End Users?

In general, users will have more control over how their data is collected and used. Companies must be more transparent about their processes with their users and must ask for user consent before collecting data. The GDPR is extensive, so we’d like to focus on a few key provisions in the regulations.

The Right To Be Forgotten

Prior to this provision, companies could store user data indefinitely. Now, users have the right to request that their collected data be totally destroyed.

Over the past few years, there has been a stream of data breaches at government institutions and major companies. For instance, the Equifax data breach affected over 147 million consumers in the United States. Hacks like these put millions of individuals’ personal data at risk and make them vulnerable to identity theft.

Say a similar breach happens to a European company and affects half the individuals whose data the company collects. Users who no longer trust a company with their data can have it destroyed. Ideally, this will incentivize companies to better protect their user data, since it’s a potential source of revenue.

Data is more valuable than ever.

Advertising agencies, government institutions, political campaigns, and many other kinds of businesses pay a premium to businesses to access their user data. Prior to the GDPR, companies could store user data indefinitely. Soon, companies will be more accountable to their users and have an incentive to keep their data secure to avoid losing it.

The Right To Data Portability

In addition to the ‘right to be forgotten’, companies must now provide users with their personal data in an easily accessible and transferable format. Moreover, at user request, they must also send a user’s data to another entity – even a competitor.

Ideally, this will allow consumers to switch service providers relatively easily. They can simply pick up their data and register with a competitor if they aren’t satisfied with the service they’re receiving. Like the ‘right to be forgotten’, this will incentivize companies to provide the best service possible to avoid losing both valuable user data and paying customers. Businesses will also reduce onboarding costs by being able to more quickly integrate a user’s preferences into their system.

If you’ve been following us for a while, you know deemly is all about data portability. We’re excited that it will be easier than ever for users to move their data from one platform to another, and hope that this will accelerate growth in the sharing economy.

Despite our best predictions, we will have to wait and see what happens after the GDPR rolls into effect this May.