Data Protection in the European Union

Author: Lasha Mikautadze

Digital Media Manager

United Nations Global Compact Georgia Network

With the advent of digital transformation and the era of artificial intelligence, data protection has become increasingly crucial and has garnered more attention on the EU’s political agenda. The EU General Data Protection Regulation (GDPR) is the cornerstone of the regulations that govern the protection of personal data. It sets an important standard worldwide in protecting privacy rights, information security, and compliance with statutory requirements.

The GDPR was introduced in May 2018. You may remember when the heads of Google and Facebook were summoned to the European Parliament and questioned in detail about their use of data protection. There was a risk of third parties misusing general data, so regulations that would protect consumers and guide companies in collecting, storing, processing, and sharing data were needed.

The first and most important thing determined by the GDPR is consent. Companies must obtain consent from individual users before collecting any data about them online. This is followed by data minimization: companies must inform users that only general data is collected about them on the platforms and for what purposes this general data will be used. Transparency is also important; businesses must be transparent and clearly explain to customers how they use data. Next is the right to access and delete data: the user must have the right to access and delete their general data. Finally, there is data security: businesses must implement all necessary measures to protect personal data.

Corporate sustainability ensures that businesses are aligned with current sustainability challenges without compromising the needs of future generations. Sustainable consumption, decent work, and fair pay are directly linked to the UN Global Compact’s Forward Faster program, which tackles the abovementioned issues.

The intersection of general data protection regulation and sustainability is important regarding data reduction and resource efficiency – companies should only utilise data that will reduce storage and processing expenditure, reducing, in turn, carbon footprint and energy consumption. Also, the data transparency mentioned above creates customer trust, which is important for the company’s sustainability. Proper management of security and risk and selection of the right infrastructure ensures compliance with the regulations of GDPR, which is reflected in the fact that sustainable systems are stronger against data leakage and disruption of operations – while maintaining the protection of personal data guaranteed by human rights. If a company implements appropriate ethical practices, it automatically implies general data protection, where human rights are considered. All this, in turn, will help businesses create a responsible culture regarding personal and general data protection.

Having received European Union membership candidate status, Georgia must harmonise its legislation and regulations, with GDPR being part of this. Implementing this practice will allow companies to increase their reputation, increase data protection in terms of sustainability, and become more reliable in the eyes of consumers and investors, increasing brand value. By aligning their business practices with GDPR and the Sustainable Development Goals, they will avoid any legal complications and be more flexible in the online space, as well as reduce costs, improve the operation of their products, and be able to become an example of sustainability for other companies. The relationship between a business and a consumer is mainly built on trust. The responsible use of public data will further enhance the brand image and create a trustworthy company reputation.

What important obligations do the GDPR terms contain?

The GDPR Terms reflect the obligations required of data processors by Article 28 of the Regulation. It requires data processors (i.e. “processors”) to:

  • use sub-processors only with the authorisation of controllers and be responsible for the actions of sub-processors;
  • process personal data only on the instructions of the controller, including with regard to the transfer to a third party;
  • ensure the protection of confidentiality by parties processing personal data;
  • take all relevant technical and organisational measures to ensure the appropriate level of personal data risk protection;
  • assist the controller in its obligations to respond to data subjects’ queries regarding their exercise of GDPR rights;
  • comply with GDPR requirements for breach notification and assistance;
  • assist the controller in data protection impact assessment and consultation with supervisory authorities;
  • delete or return personal data at the end of service delivery; and
  • support the controller with evidence of GDPR compliance.

Aligning GDPR and corporate sustainability can broaden the scope of operations for businesses. This is particularly important in today’s interconnected world, where universal well-being is crucial for positively impacting the environment and society. What benefits the individual and society is essential to long-term, sustained success.
