top button
    mPaisa Forum
    Connect to us
      Facebook Login
      Site Registration Why to Join

Facebook Login
Site Registration

GDPR seems to benefit Silicon Valley but harm US relations

+1 vote

The initial effects of GDPR seem to be that the biggest companies have benefited but the US government thinks it’s harming relations.

The Wall Street Journal reports that Google and Facebook have had a significant advantage over all other digital advertisers as their size has enabled them to tick all the GDPR boxes at scale far more quickly than anyone else. In fact Google’s DoubleClick Bid Manager is apparently sending more traffic towards Google’s own ad inventory as a result.

It’s far from surprising that a massive new layer of bureaucracy benefits the largest companies the most, as we previously observed. All the kinky talk of compliance and forced consent gives larger organisations a natural advantage as they’re able to devote more resources to ticking all the bureaucratic boxes and have more lawyers to protect them if they transgress regardless.

The European Union is, of course, one of the largest organisations of all and thus has much more natural affinity with the likes of Google than it does some relatively insignificant SME. That’s not to say the EU sought to deliberately favour a company it recently hit with a massive fine, just that the more it meddles with business, the more advantage it gives big companies.

While Google and Facebook might be quietly pleased with how GDPR is playing out, the US government is growing increasingly agitated. Writing in the FT US Commerce Secretary Wilbur Ross said “We in the US are deeply concerned about the way the EU’s new privacy guidelines, which came into effect last week, will force big changes in the way US and European companies do business.”

“GDPR creates serious, unclear legal obligations for both private and public sector entities, including the US government. We do not have a clear understanding of what is required to comply. That could disrupt transatlantic co-operation on financial regulation, medical research, emergency management co-ordination, and important commerce.”

If even the US government doesn’t know how to comply then what hope does some small business have? Furthermore there have been some reports that even the European Commission itself is struggling with compliance and may be looking to exempt itself from its own rules, which would be a classic EC move.

This public grumbling from the US government comes as trade tensions between the EU and the US have escalated after the two were unable to come to a compromise over the trade of steel and aluminium, which President Trump seems to think needs correcting in favour of the US. As a result the US has imposed tariffs on the import of these metals from the EU, creating the prospect of retaliatory tariffs and further escalation.

“I am concerned by this decision,” said EC President Jean-Claude Juncker. “The EU believes these unilateral US tariffs are unjustified and at odds with World Trade Organisation rules. This is protectionism, pure and simple. Over the past months we have continuously engaged with the US at all possible levels to jointly address the problem of overcapacity in the steel sector.

“By targeting those who are not responsible for overcapacities, the US is playing into the hands of those who are responsible for the problem. The US now leaves us with no choice but to proceed with a WTO dispute settlement case and with the imposition of additional duties on a number of imports from the US. We will defend the Union’s interests, in full compliance with international trade law.”

The EU is the joint biggest exporter of steel to the US along with Canada, according to the BBC. Canada and Mexico have also been hit with the same tariffs and the affected regions seem likely to slap tariffs on the import of bourbon, jeans and hot air. It’s not inconceivable that the GDPR moans are part of a broader negotiating strategy but it looks like things will get worse before they get better.

posted Jun 2, 2018 by Sanjay Rawat

  Promote This Blog
Facebook Share Button Twitter Share Button Google+ Share Button LinkedIn Share Button Multiple Social Share Button

Related Blogs
+1 vote

image On 25 May 2018, the General Data Protection Regulation   (GDPR) becomes enforceable under law in the European   Union (EU).

 It fundamentally changes how businesses (and the public   sector) must handle information relating to their customers, giving greater   protection to individuals and harmonizing the laws for data handling across the EU.

 GDPR has a different focus to previous data protection laws, and ensures the protection of Personally Identifiable Information (PII)   related to an EU individual, regardless of where it is stored anywhere across the world.

 If you are a small business which has never dealt with, or shipped to anywhere outside of your home country, it is possible that GDPR will   not be a concern. However, even if you have a single regular EU-based customer, you will need to become compliant.

 Compliance with GDPR is essential for any business doing business inside the EU, but it is also just as important for any business globally that wants to do business with the EU.

So with that in mind, what steps should businesses in APAC look to consider?

The first requirement would be to put someone in charge of data compliance. Under GDPR this person is known as the Data Protection Officer (DPO), and is responsible for ensuring that your company is securing their data correctly, while also holding overall responsibility for the compliance process. Without a DPO, companies might risk failing to comply, with internal battles preventing effective decisions from being made.

With a DPO in place, you can then start to look at areas where data protection best practices will help. It is worth bearing in mind that the full current documentation contains 99 GDPR articles, hence I’m proposing three important areas to pay particular focus on. 

1. Encryption of data. This may seem obvious, but it’s worth taking the time to review what you encrypt and where it is. This will likely mean running a full data audit, but as we know since data does change value over its lifecycle – an audit will have benefits beyond just knowing ‘what’ to encrypt, you will also learn what data is being held and whether it can be archived or even deleted. This is also not just about encrypting data at-rest, also consider data in-motion and network data protection methods. The latest encryption and cloud access security broker (CASB) tools will greatly help here.

2. Access controls. Make sure you know who is accessing data, from where, and when. With demands for 24x7 any-device access, it is very important to put these controls in place, and reduce the risk for unauthorised access. At the same time make sure that employee access methods are strong with good, regularly changed, passwords and multi-factor authentication in place. However, this only covers user access to data. You will also need to look at what is accessing data. Many organisations have third party connections in place with partners or other applications. These will similarly need to be continuously monitored, for ongoing GDPR compliance.

3. Establish an incident response process. Under GDPR, if data is breached, you need to notify that this has happened – and in most circumstances, the notification has to happen within 72 hours of detecting the breach. Effective incident response processes will put you in a stronger position should a breach occur, to understand what happened, the impact of the breach and the mitigation measures required. The breach will still need to be reported, and you may have to contact individual customers to let them know – but an efficient response process will allow for better mitigation of potential damage, while also greatly reducing the risk of negative long-term brand or financial impact.

In summary, ensuring the safe protection of your customers’ data should always be a priority, and is fundamentally sound business sense.

The imminent roll-out of GDPR however, as a significantly broad set of regulations with potential legal implications globally – should serve as fresh impetus for your company to relook the way it approaches data protection, and plug gaps which might otherwise pose issues in the long run.

While GDPR details how data relating to EU citizens must be protected, does it not make sense to simultaneously consider and adopt the best practices being rolled out, and protect ALL citizen data that you process globally?

Various countries in the region are already creating and updating their respective data protection laws. Singapore, Hong Kong, Japan and the Philippines for example all already have plans in the works, with Australia having recently already amended their existing privacy acts – but the GDPR is cross-border legislation, and becomes legally enforceable from the 25th of May this year.

With regulation comes opportunity, and GDPR is perhaps the perfect catalyst for companies across the region (and beyond) to relook the way they approach data protection. Better data protection will not only ensure compliance with the new regulations, but also ultimately provide confidence to your customers in the long run – this is your chance to stay ahead of the game.


0 votes

Businesses should focus on how compliance with data privacy laws can enhance customer experience and increase brand loyalty

Much has been written about the introduction of General Data Protection Regulation (GDPR) in May this year. Most of the noise thus far has revolved around the responsibility and risk levied at organisations, however not much has been written about the opportunity GDPR offers up in terms of enhancing the customer experience and increasing brand loyalty.

But before we dive into this…

What is GDPR?

GDPR will create a single set of rules within the EU for data protection. More specifically, GDPR applies to ‘personal data’. This is any information that can directly or indirectly identify a specific person. The general rules related to data protection have not changed radically, but non-compliance is expensive with steep penalties of up to €20 million or 4 percent of global annual turnover, whichever is higher. We see it as an evolution, not a revolution.

Whom does it apply to?

The scope of GDPR is extremely broad. It applies to businesses dealing with personal data in the EU, even if the business is not based in the EU. It also applies to businesses based in the EU, even if they are dealing with the data of people living outside the EU. 

How does payment data fit in?

Payments data is at the heart of every business, it is directly related to conversion and your bottom line. Consequently, this data is of highest value to hackers, and needs maximum protection. Businesses have to share customer data with their payments provider for various reasons. It may be for payments processing, data storage or to enable risk solutions. It’s important to partner with a payments provider who is not only PCI compliant, but can also guarantee that they will meet the requirements of the GDPR to avoid hefty fines.

Role of a payments partner in GDPR compliance

A payments partner should ensure that the data you share is handled safely and securely at all times. For example, along with PCI Level 1 certification, they should have a proven track record of securely handling data. Your payments partner can also assist you in providing evidence of compliance to the regulators.

How is payments data secured?

PSPs have various methods of ensuring that data is secure and cannot be misused. The common ways to secure payments data are:

  • Encryption: Encoding data in such a way that only authorised parties with a valid key can access the data. Encryption algorithms are used to encrypt data and create the key.
  • Tokenisation: A process where sensitive data is completely removed from a system and is replaced with a unique, randomly generated token. Business systems can use the token to retrieve, access or maintain the data stored at an offsite, secure location making it highly impossible for hackers to access the data. 


Now that we’ve covered the basics, let’s explore how a payments partner can help you leverage the data provided by your customers and bring added benefits to your business and your customers. Simply put, insights from data allow businesses to modify and tweak various systems to smooth the customer journey and increase conversion. Some examples of this would be:

  • Offering familiar options: When foreign customers land on your checkout page, you can offer the option to pay using local payment methods popular in the specific country/region they are from. Using Germany as an example, this could be Sofort or Giropay. This can occur even when your customer is travelling and transacts via a different IP address, giving him a consistent and convenient payment experience wherever they are. 
  • Securing transactions: Data also helps a business secure every transaction. Thanks to data provided by customers to authenticate themselves, businesses quickly identify fraudulent activity. For example, if your customer’s card details come from a suspicious IP, or other data doesn’t match, the transaction will be flagged and sent for extra authentication ensuring that only the right customer with the right details can make the payment. 
  • Enhancing customer experiences: Repeat customers who have registered their payment data can experience a seamless user journey with one-click payments. Businesses should look for a PSP which offers payment pages which recognise returning customers, and pre-fill the fields for a specific payment method allowing them to check-out quickly and easily.   


Mutually beneficial

When it comes to data privacy, GDPR will create a framework for amicable coexistence between businesses and their customers. It’s important to educate your customers about the role data plays in offering secure transactions, and a superior customer experience. The current updates to payment regulations such as PSD2 or PCI DSS, in combination with GDPR, will ensure safer payments and secure data processing. Couple this with offering data-driven benefits to your customers and we find ourselves in a win-win situation. While businesses across the world race against time to be GDPR compliant and meet the requirements for the ever-changing laws, businesses that take a positive approach can turn this regulation into an excellent opportunity to gain customer trust, create tools for higher conversion and increase brand loyalty. 

+1 vote

In Phillippines the government-sanctioned Cagayan Economic Zone Authority (CEZA) has become the top economic driver of the region after 10 years of operation  It will  be the Asian version of silicon valley by becoming the first Fin-Tech hub in ASIA

.CEZA public relations head Marie Joyce Jayme-Calimag said successful accomplishments of the economic zone and freeport in 10 years of operation contributed to the region’s fast-growing economy .Also Raul Lambino, CEZA chief executive officer and administrator said the Cagayan ecozone has pioneered the establishment of the offshore (online) gaming jurisdiction in Asia and soon will be the first FinTech hub, also in Asia.

A memorandum of understanding (MoU) is signed in Tokyo with Traders Holdings Inc., a publicly listed Japanese company, and IWave Inc., a Makati-based FinTech firm, to help create a regulatory authority Said Raul. 

Under the MoU, it will be the first Asia-located Special Economic Zone to regulate, license and propagate FinTech firms and develop to make the ecozone the premier hub for the continuous development of financial technologies.

Lambino said their exposure to the banking and capital market sectors will boost Know Your Client (KYC) procedures and Anti-Money Laundering (AML) policies. He also explained that on a larger scale, the MoU will bridge the technology industries of Japan and the Philippines

He intends to bring Japan’s advance technologies and research and development capability with a greenfield technology hub of the Philippines, expanding its telecommunications and bandwidth capabilities.

Several offshore firms have already shown interest at the Cagayan Special Economic Zone and Freeport to do business in the planned offshore FinTech post.

This environment, according to Lambino, will combine nature’s serene beauty– Cagayan’s Sierra Madre mountains and some of the world’s finest beaches–with wide bandwidth submarine cable landing points that are soon to be completed to ensure that the zone is firmly connected to the rest of the world.