eCommerce News New Zealand logo
The latest digital commerce news for Kiwi businesses
Story image

Small businesses don't ignore the GDPR; it matters now

By Sara Barker
Fri 22 Jun 2018
FYI, this story is more than a year old

Impact on SMEs

The GDPR is a set of legislative conditions on how you can collect, process and manage personal data and one of the key aspects to it is the addition of subject access rights.

It applies to global entities, whether you're based in Europe or not.

Any company that's doing business in Europe will be subject to the GDPR. This includes companies based in a foreign country, even if they do not have an office in Europe, if they provide services to, or they collect personal data from, an EU citizen.

While GDPR has been in effect since May 2016, enforcement began in May 2018. A lot of talk around this regulation is about a significant increase in fines. The fines, at the minimum, are a 10 million Euros or 2% of your global gross revenue, or if it's a really bad data breach, or if the data breach contains sensitive or large amounts of personal data, 20 million Euros or 4% of your global gross revenue.

Yet GDPR is a cultural shift, not simply fines

GDPR is not a matter of compliance. It’s an exercise of accountability and risk management at minimum, and it’s a cultural shift. There is the simple aspect of having to respond to an incident while having to declare if personal data has been breached within 72 hours of the detection of the breach.

You need to declare a personal data breach if it impacts the ability of the data subject to be safe. For example, if you breach a username and password, that is probably not a reason to declare, but if there's a home address breached, and there's a risk to that user, you have to declare it.

The definition in the GDPR is for any data that can allow you to re-identify a data subject or person either directly or indirectly. The problem is the ‘indirectly’, which becomes complicated.

The classic definition of Private Information that most vendors will tell you is name, first name, address things like that. But when you look at the ability to re-identify a person, you have to take into account their images, hair colour, height stature, skin colour, things like that, and it goes all the way to if you are managing CCTV. That's all classed as personal data.

Two things incident response teams should do now

You need to produce a data map of how you as a business are managing personal data. If the response teams have access to that map, they can potentially see where there's going to be an issue, or where there's potential for personal data to be stored, where you might need to monitor a little more heavily.

One of the key aspects of the GDPR is accountability, so account for any aspects of what you're trying to do to prove that you can ensure that personal data is protected and as part of that, look at how you potentially respond to a personal data breach. If you are the target of an attack, you should know if, and make sure that, nothing's been changed or destroyed. That’s accountability and demonstrates that you’re taking this seriously and you're protecting the data.

With privacy there’s a connotation that you're not allowed to use the data, and you're not allowed to process that personal data. But that's not what the GDPR is about. The GDPR sets regulation so that you, as an organisation, understand what your responsibilities are on collecting that data, and that you use that data and process it in a secure manner. When you think of breach, the connotation is, ‘Oh we've lost data or data's been exported’.

But breach under the definitions of the GDPR is exfiltration or malicious destruction. For exfiltration, for example if you get ransomware, you will have to declare it if it's potentially got data that is sensitive. Malicious changes are, for example, if somebody outside of the normal processing activity changes the data, that's considered a breach. And there's one more - malicious deletion – that is, if you erase the data in any form.

Corporate responsibility and the GDPR

Under the GDPR, responsibility is at the highest corporate level - i.e. the board of directors - but liability depends on the type of violation, which articles you're in breach of, or you're not complying with, and it depends on the type of data that’s been violated.  

There are essentially are two brackets of fines.

For example, if you're managing what is deemed sensitive data, which includes things like political affiliation, trade union affiliation, criminal records, race and some other stuff, you will automatically be in the higher bracket of fines.

If you have done all your footwork, but are missing certain things, not complying with certain articles or you've done something wrong, that's more at the 2% level of fines… but there's a lot more, and it's a lot more complicated than that.

As for responsibility, the GDPR defines that it's the organisation and the board that's responsible, but there is also what they call a Data Protection Officer, or a DPO. The DPO’s responsibilities are to manage and coordinate all of the data protection activities, but also be the single point of contact in terms of breach notification, in terms of responding to the DPAs request, and in terms of responding to them eventually in the case where there are complaints from data subjects.

The DPOs responsibility is defined at the highest level in the GDPR.

Article by independent data protection advocate Thomas Fischer.

Related stories
Top stories
Story image
ROI
How to increase the success rate of business data projects
Amid changing economic conditions and uncertainties about supply chains and staff availability, it's never been more important for New Zealand organisations to be innovative.
Story image
InternetNZ
How well do rangatahi understand cyber safety in Aotearoa?
Do rangatahi in Aotearoa understand the importance of being safe online, or has lifelong exposure to the internet resulted in widespread complacency?
Story image
Firewall
Why printing security plays a vital part in keeping Aotearoa safe
While internet printing, mobile printing and other similar technologies have no doubt made things easier to manage, it has also brought a whole new set of problems to the table.
Story image
Google Cloud
Google Cloud to open first cloud region in NZ - among others
Google Cloud has announced plans to bring three new cloud regions, one each in New Zealand, Malaysia and Thailand.
Story image
Sustainability
NZ program recovers and recycles more than 177 tonnes of e-waste
The TechCollect NZ pilot program says its milestone of recovering and recycling more than 177 tonnes of ICT e-waste recognises the efforts of many.
Story image
Customer
OfficeMax NZ sees significant growth through Seismic partnership
OfficeMax New Zealand has announced it has seen a significant increase in customer and sales confidence as a result of Seismic’s digital enablement software.
Story image
Sales
BNZ launches first tap-on-phone point of sale app in NZ
Bank of New Zealand has launched BNZ Pay, an innovative mobile app for retailers that transforms an Android device into a contactless payment terminal. 
Story image
Apps
Freshworks integrates with Google's Business Messages
"The integration with Freshworks makes it fast and easy for businesses to have conversations with their customers within the Google apps."
Story image
Internet
InternetNZ appoints new chief executive. Will take over in October
InternetNZ has announced the appointment of its new chief executive, with Vivien Maidaborn taking over the role from interim chief Andrew Cushen in October.
Story image
Forrester
SAS is a leader in anti-money laundering - Forrester
The latest Forrester report revealed that SAS received the highest score in the anti-money laundering category of 15 vendors.
Story image
eCommerce
Marketplacer and Intelligent Reach to help retailers sell online
Intelligent Reach can now support Marketplacer marketplaces that want to sell their products through other places, such as Google and Facebook, eBay and Amazon.
Story image
Microsoft
Infobip’s SMS and WhatsApp services are now available through Microsoft
Infobip has integrated its WhatsApp and SMS channels through Microsoft Dynamics 365 Sales and Microsoft Dynamics 365 Marketing.
Story image
Cloud
Microsoft and Auckland Transport announce new cloud agreement
Auckland Transport (AT) and Microsoft have announced a new cloud agreement aimed at promoting innovation, reducing costs and improving sustainability in transport services.
Story image
KICKS CREW
KICKS CREW selects Forter to help scale global eCommerce operations
KICKS CREW has selected Forter to help scale its global digital commerce operations.
Story image
New Zealand
Research finds Kiwis prefer real backdrops in video calls
New research from Natural Paint Co. has found that 74% of Kiwis prefer seeing a natural background behind people during video meetings.
Story image
Revenue
Cisco NZ revenue declines by over $18.5 million - report
Cisco NZ has released its latest financial report, showing the company's total revenue has declined by more than $18.5 million year-over-year.
Story image
Facial recognition
Māori data specialists not consulted on facial recognition technology - data sovereignty expert
Māori data specialists are accusing the government of ignoring them while going ahead and expanding the reach of facial recognition technology.
Story image
Customer experience
BillingPlatform introduces new enhancements to revenue management services
Some of the new developments include hosted payment pages, and new and updated connectors to Salesforce, NetSuite, OneSource, Avalara and other enterprise systems.
Story image
Ebay
FedEx and eBay team up to boost APAC eCommerce options
FedEx Express' new alliance with eBay enables eBay sellers in APAC to sign up for a FedEx account and access the full spectrum of FedEx e-commerce delivery service options at competitive rates.
Story image
Enterprise Resource Planning / ERP
Why the right ERP (and partner) is crucial to an innovative and successful business
Enterprise Resource Planning (ERP) is a foundational step to ensuring a robust business model; here's why choosing the right one could be vital to ensuring long-term success and innovative results.
Story image
Digital Journey
NICE unveils new CXone capabilities with latest release
NICE has announced the Summer 2022 release of CXone, which adds new capabilities that enhance journey orchestration and complete performance.
Story image
Cloud
Sitecore caters to modern marketing teams with CMS cloud launch
"Sitecore's move towards a composable SaaS offering for creating and delivering digital experiences is in line with what marketing teams are looking for.”
Story image
Printers
Comedy legend Jimeoin fronts Epson advertising campaign in NZ and Australia
According to Epson the company’s EcoTank models now account for 74% of all printers sold in the category in New Zealand, alone.
Story image
Payments
Tranxactor Group to build customer loyalty with Oracle
Tranxactor has chosen Oracle Cloud Infrastructure (OCI) with Enterprise Database Service to allow it to provide brands with immersive customer engagement and loyalty programs.
Story image
Commerce Commission
The NZ TCF endorses move by ComCom to promote TDR dispute scheme
The New Zealand Telecommunications Forum has welcomed the move by the Commerce Commission to further promote customers' access to the Telecommunications Dispute Resolution Scheme (TDR).
Story image
Social Media
ActiveCampaign reveals consumers seek trusthworthy content
Consumers will engage with new brands across all channels, including online, in-store and social media, as long as the content is relevant and trustworthy.
Story image
CRM
Forrester names Pega a Leader in CRM Solutions 2022 report
Forrester Research has named Pega a Leader among 11 competitors in The Forrester Wave: Core CRM Solutions, Q3 2022 report.
Story image
Planning
Digital key for smart investment in public infrastructure for NZ cities
Major public infrastructure projects can better manage risks of cost overruns and delays if they deploy data and digital tools at the earliest planning stages.
Story image
Revenue
IBM NZ sees significant revenue increase in latest report
IBM NZ has posted revenue of $172,449,000 for the financial year, according to its latest report, a year-over-year increase of over $47.5 million compared to $124,904,000 in 2020.
Story image
Wireless
Hands-on review: Jabra Engage 55 wireless headset
We get our hands on a German design professional headset that many knowledge workers could benefit from.
Story image
Sustainability
Visa launches Eco Benefits solutions in Australia and NZ
Eco Benefits is a suite of sustainability-focused solutions that will help Visa cardholders better understand the environmental impact of their payments.
Story image
Manufacturing
How manufacturers can respond to rapid change with technology
Disruption, innovation, and continual refinement of shop floor processes are driving factors in today’s complex market landscape. 
Story image
SaaS
OpenText launches new solutions on Salesforce AppExchange
Included in this latest launch is OpenText Core Content, a Content Services platform that customers can leverage to effectively manage their content.
Story image
Cybersecurity
eCommerce fraud increasing pressure on businesses margins
It is vital for businesses to maximise the value of every dollar by turning away as many fraudulent actors as possible without blocking good customers."
Story image
Phishing
Akamai research finds PayPal security measures utilised in new phishing scam
New research from Akamai has found that a new threat actor is parasitising benign WordPress sites to execute an extensive PayPal phishing scam.
Story image
Financial results
Facebook NZ financial report reveals notable revenue increase
Revenue from contracts with customers increased by $NZD 1,089,292 compared to 2020's figures.
Story image
Customer
Airwallex launches an online payments app on Shopify
Airwallex has launched an online payments app on Shopify, allowing merchants to integrate a gateway plugin on their online store to accept payments from their global customers.
Story image
Remote Working
Mantel Group continues NZ expansion with Auckland office
"Our desire is to offer real understanding to our New Zealand clients, and help provide solutions that better their business.” 
Story image
ShopBack
Forter and ShopBack enhance partnership to further prevent fraud
Forter and ShopBack have enhanced their partnership with the addition of better eCommerce security solutions for customers.
Story image
Artificial Intelligence
Oracle unveils AI-powered application to automate sales
Oracle has unveiled the next generation of Fusion Sales, an application that automates sales and identifies the opportunities worth pursuing.
Story image
Artificial Intelligence
Cyara rolls out comprehensive, automated chatbot feature
Cyara has unveiled new chatbot testing features with the latest release of Cyara Botium, creating a solution for comprehensive, automated chatbot testing and assurance.