Since its enforcement, GPDR has been impacting on almost every industry. While some organizations are GDPR compliant, there are others who are still struggling or shutting down some of their websites while others are blocking users from the EU region. Generally, GDPR compliance can be an expensive and long process that requires overhauling or taking down an entire non-compliant system.
For example, Uber Entertainment had to take down the Super Monday Combat game which they said would be very costly to re-write or migrate to a GDPR compliant platform. Currently, the company says that it is very difficult to delete the personal data from the program which was written in 2009.
Other companies such as Gravity Interactive, makers of the Ragnarok and Dragon Saga games, decided to take a different approach by blocking the users from the EU region from accessing the non-compliant games.
As the GDPR came into effect in May 2018, over 100 US-based news sites had to block visitors from the EU region. Some may have given access after redesigning their sites while some are still inaccessible.
GDPR compliance challenges with privacy techniques
Complying with GDPR is an exhaustive and ongoing process that requires teamwork and dedication. Although there are several techniques that aid in complying, there is a wide range of factors that may put private data at risk. In services such as IoT, video surveillance, smart cities, car, and bike-sharing services, wearable and medical devices, audio recordings and others, there is always a need to collect, process and store a lot of personal information.
Most of these services require multiple different providers, contractors and subcontractors as well as devices, sensors, and technologies. Although the organization may have good policies and techniques to comply with GDPR, ensuring that other parties are complying with GDPR is a big challenge, especially if providers are based outside the EU region. In particular, when there is a need to send data to countries outside the EU, organizations may have problems ensuring that the networks and storage systems are compliant.
Under GDPR, recording audio and video face a number of challenges. Users must give consent while the company must be clear about where they will use personal data. Unless required by law or sector-specific regulations such as in the banking industry, organizations that use such information for quality purposes, for training or other non-specific purposes will have some problems. In particular, they need to give reasons and justify why they need to do video or audio recordings.
In addition, they need to develop policies that govern the recording and use of personal data while outlining how to obtain consent.
Data Trust Approach
While larger organizations have the means and resources to comply with GDPR, small businesses may not have the ability to do so. However, they can use other approaches such as data trust. This helps the smaller organizations to comply without incurring huge costs or sacrificing the value of their data.
Basically, the data trust is a legal arrangement that enables an organization to entrust the management of its data to a third-party provider and ensure that it is compliant. The trust relies on cloud services, cognitive computing, and analytics to remove all personal identifiers hence ensure privacy.
The organization that owns the data grants the provider or trustee rights to access and modify the data, remove personal information of the EU citizens, decide on who accesses the data and for what purpose. Consequently, individuals or organizations can legally delegate the task of complying with GDPR to a trustworthy third party data trust provider.