Personal data protected against the backdrop of growing innovative technologies - the new "currency" of business

2021-02-12 11:38:34

In today’s digital world, modern innovative technologies are an essential component of community development. Through them, companies have the opportunity to be competitive in the market and achieve significant economic growth.

In May 2015, the European Commission presented a revolutionary strategy for the creation of the EU Digital Single Market, which is based on two main aspects:

  1. Increase access to digital products and services for consumers and businesses.
  2. Creating an appropriate environment for innovative services, which implies legislative changes, both to promote technological development and to reduce the risks posed by that development. The adoption of the General European Data Protection Regulation (GDPR) also serves this purpose.

As we can see, on the one hand, there is an immeasurable desire and demand for rapidly growing innovative technologies that give new opportunities to businesses, on the other hand - the protection of fundamental human rights, personal data and privacy. Maintaining a balance between these two interests requires incredible precision and great effort.

As it is often said, personal data is a new generation of "gold" for business, and technologists (such as artificial intelligence, blockchain, so-called Virtual reality (VR), biometric verification technologies - face, fingerprint, as well as the retina Identifier, etc.) makes it even easier for companies to process personal data for a variety of purposes. The recent massive violations of personal data in the world have significantly increased the interest of citizens in these issues (data and privacy protection).

Along with the European Union, Georgia is also trying to promote the development of innovations and technologies in the country. Accordingly, maintaining a balance between the above-mentioned two interests is also relevant in Georgia. It is noteworthy that the scope of the GDPR does not include only EU member states. If Georgian companies supply services or goods to the EU market, then they have an obligation to comply with the GDPR requirements. Therefore, it is interesting for Georgian companies to analyze this issue.

One of the most important innovations and commitments for businesses that the GDPR has taken into account is the consideration of data protection standards (Privacy by Design and Privacy by Default) in the process of creating a new product or service. Violation of this obligation may result in a significant financial sanction.

"Privacy by Design" implies the commitment of companies to take appropriate technical and organizational measures to protect the rights and freedoms of the data subject by defining the introduction of the latest technologies, the nature, scale, context and objectives of data processing. For example, when a company creates a new product or service, it is obliged to take appropriate technical and organizational measures at the initial stage of creating the product or service to protect personal data.

"Privacy by Default" implies the obligation of companies to take appropriate technical and organizational measures, which automatically ensures the processing of data necessary only for a specific purpose. For example, when a company creates a new service that allows users to determine for themselves what kind of personal data becomes available, the initial setting - the so-called. The most rigorous form should be chosen as the "Default", and then the data subject himself should determine the dose to make his data available.


Functioning within the law

According to the GDPR, companies are required to comply with the rules set out in the regulation. They should evaluate in advance whether the new service and technology comply with legal requirements. The best practice to achieve this is the Privacy Impact Assessment (PIA). PIA helps companies analyze privacy risks during the product development process. This in turn ensures its compliance with the new service and technology regulation



Ethical aspects must also be considered in advance. Companies need to determine how transparent they want to be in the data processing process and to what extent they want data subjects to be involved in the processing process.


Communication with data subjects

Proper communication with data subjects is very important both at the initial stage of creating a service or technology, as well as when launching it on the market. However, communication messages should be understandable and data subjects should have information on how to behave if they want to learn more about their own personal data processing.

At first glance, it may seem that the regulation imposes additional requirements on the business, however, it should be noted that the regulations on personal data protection are different from other classic regulations, because if the established requirements are taken into account, significant benefits can be obtained.

Consequently, if a business realizes that innovation and personal data are compatible and a business cannot be effective and adequate without adequate data protection measures, if it thinks about legal processing of personal data from the very beginning of product / service creation, the benefits are reflected in financial performance. Financial benefits are directly related to consumer confidence and brand reputation.

In today’s reality, consumer confidence as a phenomenon is somehow a new currency for business. Consequently, gaining and maintaining customer trust is the most important factor for business development.


Beka Kenkadze

Auditor of the Public and Private Sector Supervision Department of the State Inspector’s Service