Data protection: 8 common beliefs about GDPR

At the end of 2011, Jorge Tellez observed that companies were not handling data securely. He set about designing a secure data sharing solution and in doing so created the start-up QualyCloud . In 2016, the solution evolved to comply with General Data Protection Regulation (GDPR) and incorporate Blockchain technology. QualyCloud received an award for having the first secure “GDPR compatible” platform at the TM Forum in May 2018. As a GDPR expert, Jorge Tellez helps clarify these eight conventional wisdoms.

Jorge Tellez, founder of QualyCloud

Notion #1

In terms of GDPR compliance, many companies are late to the game.

“That’s true! The law was passed two years ago, and some companies are only just starting to look at it!”

Notion #2

Every company must become compliant as soon as possible.

“Again, true. To not just follow the rules, but since compliance will soon be the norm, it’s a competitive advantage if you can benefit from it now!”

Notion #3

The first thing to do is seek help from a consulting firm.

“Not necessarily. The French National Commission on Informatics and Liberty (CNIL) offers a free tool (opens in a new window) for analysing the impact of GDPR on company data: it’s an excellent starting point.”

Notion #4

GDPR compliance is an IT problem.

“Not at all! New regulation impacts the entire organisation and sometimes requires fundamental changes to company processes. The GDPR project team is multidisciplinary and combines technical, legal, business and other skills.”

Notion #5

Companies who have begun their digital transformation have a head start.

“Not necessarily! A company whose processes aren’t yet automated can ensure their digital transformation is compliant straight away. And a company can still be compliant while having paper processes!”

Notion #6

The CNIL penalties will be heavy.

“Is this the most important issue? Imagine the cost of hacking, for a non-compliant company with a database of one million customers … and who must notify by every single customer via registered mail with acknowledgement of receipt (at EUR 4 each time)!”

Notion #7

From now on, personal data should not be sent by email.

“Companies should have always avoided this: email is as confidential as a postcard! Any transmission of personal data must be made via a secure platform, which is what QualyCloud offers.”

Notion #8

With GDPR, businesses will be able to offer new services and build trusted, transparent customer relationships.

“Absolutely! GDPR will simplify the customer journey. QualyCloud has created a solution for the secure transfer of data to third parties, with each customer’s consent, which will benefit everyone. For example? This solution will enable Orange to become a trusted third party. When an Orange customer wishes to rent a vehicle, Orange may, if requested, send the rental company the necessary personal data, in complete security and for a limited time. The customer is reassured that the hire company will not keep or sell it. Orange can therefore offer a new service to its customers and partners.

> Learn more about QualyCloud