The idea is very simple: if a company asks for your name, email, phone number or tax ID, you must give your consent (or the company must have another lawful basis for the processing) and be told clearly and completely what it will be used for. If from there your info ends up in the hands of another company, or is used for something other than what you agreed to, the company is in trouble.
For those who don't comply, the penalties are no joke
Fines are capped at 20 million euros or 4% of global annual turnover, whichever is higher. That is the extreme scenario, applicable to the likes of Google and Facebook in case of a serious data breach. Like the Ashley Madison affair (see what I did there?). Mere mortals (or "mere bankruptables") shouldn't come anywhere near these numbers, but as far as I'm concerned a 20€ parking ticket is enough to ruin my day.
All companies must worry
Basically this applies to anything that identifies someone, be it a client, collaborator, supplier or anyone else. And by anything I mean a site's database, emails, client and employee registries, CCTV recordings, EVERYTHING!
Wherever it may be, any information that identifies you is ultimately yours, and commits whoever holds it to a range of obligations that, if you think about it, are perfectly reasonable. Just put yourself in a potential victim's shoes.
Imagine that you open a bank account, and suddenly you get an insurance company, a car dealership, an energy or comms supplier and whatever else calling you to sell you stuff you don't want after getting a hold of your phone number. Not cool, right?
Imagine that a cyber attack happens and the system holding your personal data was wide open and poorly protected, and now the whole world knows your email. OK, a bank being that vulnerable is unlikely, but what about that online store where you bought a couple of bottles of wine last week? And what if your credit card number is part of that leak?
Play time is over. Personal data protection has to be taken very seriously now. There must be consent, transparency, limitations and accountability.
Consent, transparency, limitations and accountability
You are required, first and foremost, to explain in clear language what will happen to the personal data you collect, to what end you are collecting it, for how long you're going to keep it, and whether or not it will be handled or passed to someone else.
Even after you've collected that data, keep in mind that the person has the right, at any moment, to withdraw consent, to request correction or deletion (the right to be forgotten), to request a copy of all the data you hold on them, or even the portability of that data. All this must be explained at the moment of collecting their info and guaranteed from then on for as long as you hold it.
Those who collect somebody's personal information must also ensure that data's security. This implies secure databases, updated software, and not storing unnecessary data, or any data for longer than it's needed. This is where things get delicate, because most sites rely on a security mechanism called CIMD (Crossed Index and Middle Finger) and the hope that they're just too small and uninteresting to show up on the hackers' radar.
Meanwhile, we have mailing lists, client contacts, purchase logs and who knows what else in a semi-protected database under an outdated WordPress with known vulnerabilities.
The regulation asks for "privacy by design and by default". This means that systems (sites, software, etc.) must be designed in a secure manner that ensures the privacy of the data they store. The regulation gives leeway to choose the approach that best suits you, but names encryption and pseudonymization as examples. Pseudonymization means that direct identifiers are replaced by a pseudonym, and the information needed to link the pseudonym back to a person is kept somewhere else. Imagine we're talking about medical records: this X-ray belongs to user U-319-C5. If you want to know who U-319-C5 is, you have to request that from another server. Want that person's address? It's somewhere else again.
That way, a hacker who gets hold of one database can't cross-reference the data without also breaking into the other systems and making the connections. If a single database backup leaks, there's not much anyone can do with it alone.
This approach requires some investment. First, a system with its data divided this way is more complex to develop. Then it requires more than one server working together, all kept secure and in sync. It's a much higher development and maintenance cost, so it's not for everyone.
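To make the split concrete, here is an added example (not code from the original post or from SuperTINY) of the medical-records scenario above: one store holds the clinical data keyed only by a random pseudonym, a second store holds the link from pseudonym to name and address. The two dicts stand in for two separately secured databases, and the patient values are constructed sample data.

```python
"""Pseudonymization: clinical data and identity kept in separate stores.

Added example, not code from the original post. `identity_store` and
`record_store` are plain dicts standing in for two separately secured
databases; the patient data below is constructed for the example.
"""
import secrets


def new_pseudonym() -> str:
    """A random token, not something derived from the identity.

    hash(name) or hash(tax_id) would look opaque but can be reversed by
    guessing inputs; a random token cannot be linked back without the
    identity store.
    """
    return "U-" + secrets.token_hex(6)


def register_patient(identity_store: dict, record_store: dict, *,
                     name: str, address: str, xray_ref: str) -> str:
    """Write the identity and the clinical record to different stores,
    tied together only by the pseudonym. Returns the pseudonym."""
    pseudonym = new_pseudonym()
    identity_store[pseudonym] = {"name": name, "address": address}
    record_store[pseudonym] = {"xray": xray_ref}
    return pseudonym


def record_for(record_store: dict, pseudonym: str) -> dict:
    """What the clinical system can answer on its own."""
    return record_store[pseudonym]


def identity_for(identity_store: dict, pseudonym: str) -> dict:
    """The extra lookup an attacker would also have to steal."""
    return identity_store[pseudonym]


# Field names this example treats as direct identifiers.
DIRECT_IDENTIFIERS = ("name", "address", "email", "tax_id", "phone")


def has_direct_identifiers(store: dict) -> bool:
    """True if any row in the store carries a direct identifier, i.e. a
    leaked dump of it would identify people without the other store."""
    return any(field in DIRECT_IDENTIFIERS
               for row in store.values() for field in row)


def forget(identity_store: dict, pseudonym: str) -> None:
    """Erase the link between person and record. Whether the record left
    behind counts as anonymous is a separate assessment; this only shows
    that erasure touches one store, not every copy of the clinical data."""
    identity_store.pop(pseudonym, None)
```

A dump of `record_store` alone yields X-rays for tokens like `U-9f3a…`, nothing more; only someone who also breaks into the identity store can say whose they are.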
Simpler solutions will never be simple
Something more viable for most small to medium platforms is selective data encryption. But even this isn't something you just toggle on and off in the settings.
First, there's little worth in locking a door and leaving the key under the mat. All encryption relies on a key, a password of sorts used in a calculation that turns a string of text into an undecipherable character salad and back again. A site's code, in order to encrypt and decrypt data, must get that key from somewhere. If that somewhere is the code itself or the database, and a breach yields both the database and the source code, everything the attacker needs is right there. So the key has to live somewhere those two don't reach: the environment of the running process, a secrets manager or a hardware module. And even then, encryption at rest only helps against someone who steals the data, not against someone who takes over the running application, which decrypts on demand. So we have to get creative and devise strategies that make our platforms genuinely secure.
Encrypted data is also more complicated to handle. How do you search for "Helder" in an encrypted list of 10,000 names? How do you keep it fast? Something as simple as fetching the profile of the user with email X requires some thought.
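The two problems above (where the key lives, and how to look up a row by an encrypted field) have a standard answer: keep the keys out of the code and database, encrypt the field with a fresh random nonce each time, and store beside it a keyed hash ("blind index") of the normalized value under a second key, so equality lookups compare hashes instead of decrypting 10,000 rows. The following is an added example, not SuperTINY's code. It assumes the keys are read from environment variables named `ENC_KEY` and `INDEX_KEY` (names chosen here), and it uses an HMAC-SHA256 keystream plus HMAC tag as a standard-library-only stand-in for a real authenticated cipher such as AES-GCM; in production use the `cryptography` package or libsodium for the cipher.

```python
"""Selective field encryption plus a blind index for equality search.

Added example, not code from the original post. Assumptions: keys come from
the environment variables ENC_KEY / INDEX_KEY (names chosen for this example),
and the HMAC-based cipher below is a stdlib-only stand-in for a real AEAD
(AES-GCM, ChaCha20-Poly1305), used so the example runs without dependencies.
"""
import hashlib
import hmac
import os
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def load_key(env_var: str) -> bytes:
    """Keys are read from the process environment (or a secrets manager),
    never from the repository or the database, so an attacker holding a
    database dump plus the source tree still lacks them."""
    hex_key = os.environ.get(env_var)
    if not hex_key:
        raise RuntimeError(f"{env_var} is not set")
    key = bytes.fromhex(hex_key)
    if len(key) < 32:
        raise ValueError(f"{env_var} must be at least 32 bytes")
    return key


def _subkey(key: bytes, purpose: bytes) -> bytes:
    # Separate keys for confidentiality and integrity derived from one master.
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag. A fresh random nonce per call means
    equal plaintexts give different ciphertexts, which is exactly why the
    encrypted column cannot be searched directly."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verifies the tag before touching the ciphertext (encrypt-then-MAC)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext tampered with or wrong key")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def blind_index(index_key: bytes, email: str) -> str:
    """Deterministic keyed hash of the normalized value, stored next to the
    ciphertext. It needs its own key: an unkeyed hash of an email address is
    brute-forced from a word list in seconds, and reusing the encryption key
    means one stolen key exposes both columns."""
    normalized = email.strip().lower().encode()
    return hmac.new(index_key, normalized, hashlib.sha256).hexdigest()


def store_user(store: dict, enc_key: bytes, index_key: bytes,
               user_id: int, email: str) -> None:
    store[user_id] = {
        "email_ct": encrypt(enc_key, email.encode()),
        "email_idx": blind_index(index_key, email),
    }


def find_by_email(store: dict, index_key: bytes, email: str) -> list:
    """Equality lookup without decrypting anything: compute the index once
    and compare. In SQL this is an indexed column (WHERE email_idx = ?)."""
    wanted = blind_index(index_key, email)
    return [uid for uid, row in store.items() if row["email_idx"] == wanted]
```

The trade-off to be aware of: the blind index deliberately leaks equality (two rows with the same email share an index value), and it only answers exact matches, not prefix or wildcard searches, so it belongs on fields you look up by, like email or tax ID, not on free text.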
SuperTINY's got your back
Every project is different, and what suits one doesn't suit all. At times like these we're especially glad we decided to go with 100% custom development. We use open-source platforms, of course, but rarely if ever use off-the-shelf components or plugins. This gives us full control over every aspect of the projects we build, freeing us from the limitations of whatever is on the supermarket shelf.
Being free to ideate, it's just a matter of good planning and getting to work.