Exploring The Impacts of GDPR on Social Media & Enterprise Collaboration Networks

Any organization that processes personal information about EU citizens must have systems in place to comply with GDPR laws, and must prove its compliance with documentation. Even now, many companies are not in full compliance, and this is a major risk, as non-compliance can cost organizations up to 20M Euro in fines or 4% of the total annual turnover of the preceding financial year.

The GDPR is a complex regulation put in place to protect the personal data of individual customers. With the heavy and still-growing use of social media and enterprise collaboration networks by companies around the world, several GDPR laws have been put in place to help protect personal information living within these platforms.

The following issues are important to explore when determining steps towards GDPR compliance for social media and enterprise collaboration networks like Yammer, Workplace by Facebook, Chatter and more:

  • Data Protection and Privacy: The need to implement policy statements on websites and social media that address the intention of collecting data before doing so.
  • Employee Rights on Social Media: The importance of reviewing workplace social media policies to ensure they do not conflict with other privacy laws.
  • Governance and Oversight: The need to develop strong internal procedures and controls to ensure social media risks are managed effectively.
  • Information Archiving and Retention: The requirement to implement a record-keeping system that effectively captures social media history and saves it as official, valid archives.

The GDPR and Privacy Rights

Under the General Data Protection Regulation, individuals have the following rights: 

1. The Right to be Informed

Individuals will have the right to know when and where their data might be used when it is collected. Organizations must request consent before gathering data for a specific purpose. ‘Opt-in’ will replace the existing ‘opt-out’ rules when it comes to receiving any marketing communications.  

2. The Right of Access

Individuals can request access to their personal data and have the right to understand how an organization uses it once it holds that data. Organizations must provide free copies of the data if requested.

3. Right to Rectification

Individuals can require any errors in personal data to be corrected. Organizations must reply to the request to correct errors within a month.

4. The Right to Erasure 

Individuals will have the right to withdraw consent for organizations to keep and use personal information at any time, and have that information erased.

5. Right to Restrict Processing

Individuals will have the right to block and suppress processing of their personal data. If suppressed, organizations can still store personal data but cannot use it in any way.

6. Right to Data Portability 

Individuals will have the right to transfer their data from one service provider to another. The current provider is required to comply with such a request.

7. The Right to Object

Individuals will have the right to object to organizations using and processing their personal data - whether in direct marketing, profiling, processing for scientific or historical research, inclusion in statistical research, or other purposes. If an individual objects, all data processing must be halted right away.

8. Rights Related to Automated Decision Making and Profiling

Individuals have the right to be protected against the risk that a potentially damaging decision is taken automatically, without human intervention.

PageFreezer’s free white paper sheds additional light on this topic, specifically looking at the implications of GDPR, as well as the 12 steps you need to take in order to comply with the regulation. 
