SELISE Takes a Steep Approach Towards European Data Privacy Laws
March 6, 2016
SELISE continues to engage with more and more organizations from the financial sector, ranging from large insurance companies to fintech startups. These companies naturally require comprehensive data protection measures throughout their entire value proposition. The European Union (EU) is arguably the world’s strictest jurisdiction when it comes to protecting data, and comprises of a substantial part of SELISE’s customer base. Therefore, when SELISE decided to tackle the issue of privacy and data security, it only made sense that the benchmark was set to that of the EU and nothing less. Switzerland, where SELISE has its headquarter, is closely following EU standards, however, is yet less restrictive.
This prompted SELISE to launch a set of activities in August 2015 for the entire company to ensure a comprehensive and thorough appreciation of elements pertaining to privacy and data protection.
These activities include:
- Concern relationships between the headquarter in Zürich and its subsidiaries in Asia;
- Compliant contracts between suppliers and employees;
- Group wide policy setting and creation of awareness among the employees;
- Formal training and education.
In respect to the final point above, SELISE was proud to welcome Mr. Yves Roger Gogniat, Attorney at Law working at Die Advokatur Sury in Lucerne Switzerland, to the Dhaka headquarters on the 13th February, 2016. Mr Gogniat, who is also a lecturer at the University of Applied Sciences in Zurich, where he teaches data privacy to Swiss CSE students, held a professional workshop on Privacy and Data Protection.
The workshop focused on three modules:
(1) Why Data Protection?
(2) The upcoming General Data Protection Regulation (GDPR)
(3) Data Protection in other parts of the World.
SELISE CEO, Mr Julian Weber, inaugurated the event at the Dhaka office premises while senior developers and architects, the entire business development team, product managers and QA engineers actively participated.
The first module adequately covered the basics of privacy and data protection. It reviewed the relevant laws currently in place by the European Union and Switzerland, the principles of European Data Protection, and also outlined under what circumstances the processing of personal data would be considered lawful.
It was reiterated that protection of personal data is a fundamental EU right and Directive 95/46/EG (Data Protection Directive) sets a minimum standard which is expected to be adhered to. The module also covered the fact that everyone has the right to decide for what reason which information about him/her can someone process, and which types of data are generally categorized as personal data (age, address, credit balance, sexual orientation, etc) and sensitive data (sexual orientation, Religious Denomination, medical history, etc).
The module ended with a discussion of data processing and when it can be considered lawful, with Mr. Gogniat citing that merely storing user data (without any kind of transmission or use) itself requires the concerned entity to be aware of the data protection laws.
The second module of the workshop focused on the upcoming EU Data Protection rules that are to become law in 2018- the General Data Protection Regulation (GDPR).
The GDPR will effectively impact every entity that holds or uses European personal data, both inside and outside of Europe. This means, after the laws become enforceable, even if an application has non-EU roots and is hosted on non-EU servers, but merely interacts with EU citizens, they would be subject to its backlash if the proper measures are not adopted. A key element of the GDPR is that it not only gives rise to increased compliance requirements, but that these are backed by heavy financial penalties.
The GDPR, as SELISE understands, is not merely a compliance or legal issue, and is much more intriguing- business entities must learn to adopt entirely new strategies and approaches in the way they collect and use personal information of the users.
SELISE Business Developers and Product Managers considered this awareness about upcoming changes in the laws absolutely necessary. With two years remaining till the GDPR comes into effect, SELISE must have a clear foresight so as to be better prepared for what the future may hold.
The third module covered Privacy and Data Protection policies in other parts of the world, mainly in the USA and the implications of such on the market.
USA, a country that has some basic data protection acts active, but is much more relaxed when compared to the EU, could benefit even more by attracting tech startups still in their infancy or tech giants experimenting with new technology (e.g. Google’s glass, self driving cars or smart home electronics) . When doing business from a location such as the US, this basically would mean that these companies can devote more time to creating value than to fret over compliance and legal issues. For this reason, technological diffusion between EU and the rest of the world could be severely impeded in the future as the increased compliancy requirements will act as a potential barrier to entry for many tech start-ups. As a result, the USA, among other countries, could prize away such new tech with its less stringent data protection policies.
Mr. Yves Gogniat concluded his presentation with a question and answer session, enabling the audience to get added clarifications on any residual confusions. The workshop was designed to have a hands on discussion at the end of the three modules. Once the official session was concluded, SELISE CPO Mr Rajiv Hassan took the center stage and initiated a dialogue. Impromptu case studies came to life, and the audience actively discussed bottlenecks and success stories from past and current projects, marking a successful end to a high-voltage session.
At the end of it all, the whole SELISE family had the pleasure of inviting Mr Gogniat to a pizza party at the Dhanmondi Pizza Hut. SELISIANs, thus, were able to go home with full stomachs and a timely reminder of the importance of Privacy and Data Protection and how it impacts their company in creating value for the customers.
With SELISE ECAP hosted on AWS Frankfurt, SELISE is already providing SaaS and custom SaaS from within the European Union complying with the Standards set forward by the EU commission.