Home » Blog » technology

Tag: technology

GDPR is Almost Here – Are you Prepared?

On May 25, 2018, the European Union’s new data protection legislation, the General Data Protection Regulation (GDPR), will take effect. This law heralds a new era of rigorous data privacy and security and makes data privacy a fundamental right for EU citizens. Of course, all EU companies and many multinational companies doing business in the EU have to be fully compliant with this legislation on Friday. What is important to note is that some U.S.-based businesses, even those without employees or offices within the EU, may also be required to comply with the GDPR.

Does my U.S.-based business need to comply with this law?

If your business processes and/or holds personal data of individuals residing in the EU (including employees) or you are marketing/selling products to consumers in the EU, then your business must comply with GDPR. In a broad sense, the GDPR requires businesses to understand what data they are collecting, be able to articulate why they are collecting it and which of the six categories of lawful processing its purpose falls into, what the business’s strategy is in the event of a data breach, what the timeline for retention of personal data is, and how such data is destroyed when the purpose for collecting and retaining the data no longer exists. There is a record keeping exception that companies with less than 250 employees may qualify for.

But what is ‘personal data’ and what do you mean by ‘processing’?

Personal data’ is any information related to a person that could be used to identify such a person. This includes the person’s name, identification number, location data or online identifier, email addresses, bank information, social media posts, or other factors specific to the physical, genetic, physiological, economic, mental, cultural, or social identity of that person. The EU is taking a very broad approach to defining ‘personal data’ so it is best to consider almost any information you collect about an EU citizen to be personal data.

Processing‘ means any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction.

Most, if not all of us, have a website and if a German resident stumbles upon our website, the GDPR will likely not apply just because that person found the website. However, if you are actively encouraging EU residents to visit your website, ship your products to the EU, market or translate your webpage in a language of an EU country, or if you engage with EU residents and process their personal data in any other way (for example track and collect information on webpage users from the EU to analyze online behavior), the GDPR may be applicable to your business.

The GDPR requires all businesses to protect the personal data of EU citizens, and specifically prescribes how this should be done.

How do I ensure compliance before May 25?

There is a “quick fix” that you can implement before Friday: add a cookie banner to your website that allows your business to ask permission before processing an EU resident’s data and also allows you to stop collecting data from any IP address from an EU country if they do not consent.

For the permission or consent to be valid in terms of GDPR, be sure not to use legal jargon or to bury the consent in fine print. Consent needs to be specific, in plain language, explain what you will be using the personal data for, and positive (i.e. the person must opt in to allow you to process the data).

Is there more to it?

Yes, the GDPR’s requirements are far-reaching and ensuring full compliance may take a bit more time.

One of the biggest and most important tasks is to map your data, i.e. figure out what personal data you store and collect in your databases (online, on computers, tablets and phones, and on paper), how that data is being used, and how long the data is being stored.

Once you have an idea of your data collection and retention practices, you need to determine what data relates to EU residents.

All EU residents need to consent (i.e. opt in) to your processing of their data, so the business will have to reach out to these residents to obtain consent or, alternatively, destroy the data.

Another key step is to update your data privacy policy and ensure that your business puts the necessary controls in place to adequately process personal data going forward. This policy should be in writing and become part of your existing and future service contracts with third parties.

What if my business doesn’t comply?

The penalties for non-compliance are quite steep: 4% of your company’s worldwide annual turnover of the preceding financial year or € 20 million, whichever is greater, for serious infringements of the GDPR; 2% or € 20 million, whichever is greater, for less serious infringements.

 

Contact us to schedule a consultation.

Tonya Price (tonya@jrwiener.com)

Francisca Pretorius (francisca@jrwiener.com

The Best Way to Fight Uber? Own It.

Originally published at the Roosevelt Institute

Progressives should embrace employee ownership as one of the best ways to challenge corporate power from the bottom up and put supporting the growth of worker-owned firms in the center of our strategy. As the economy becomes Uber-ized and dominant firms in all sectors take up more and more market share, structural reforms like better antitrust regulation and portable benefits are absolutely necessary, but not sufficient, to reversing inequality.

What’s needed is a massive wave of support for shared ownership and community capital. The difference in an employee-owned business from another type of business is simply where the profit goes: Does it flow up to an executive suite and a small set of investors? Or, is it shared by the members of the enterprise, who put in the time and effort to make it successful? The product may be nearly the same from the perspective of the consumer, but the change inside the firm itself is durable, because it’s not subject to the shifting winds of legislators. Community capital allows those of us with the ability to invest to put our wealth into local businesses, rather than exclusively into Wall Street funds.

These models that were once seen as “niche” and hippie-like may be our best shot at centering working families as both value creators and value receivers in the American economy to come. For example, shared ownership of platforms—the rising business model that Uber embodies, where workers aren’t employees but instead “gig” workers, or independent contractors—can turn a platform into a way for its owners to best employ their skills in a just-in-time economy, as nurses in California have identified. And if the “gig” or “platform” business model is here to stay—and its embrace by millennials demonstrates that it is—there’s a real opportunity to move from the sharing” economy to the shared ownership economy.

In a way, shared ownership is simple: Through a variety of legal structures like a Limited Cooperative Association or partnerships with multiple partners, worker-owners have rights to the value created by the firm just as investors do, and they often have decision-making power over major corporate decisions, as well. Worker ownership of a firm does not mean that everyone sits around in a drum circle to decide what type of pens to purchase—firms owned by employees may look and feel just like a regular firm, where members-owners have the right to vote on the major issues that face the firm. In fact, employee ownership is much more common than people think, in the form of Employee Stock Ownership Plans (ESOPs)—over 10.5 million workers partially or wholly own their employers this way. A recent studyby the National Center on Employee Ownership found some striking statistics about the benefits of ownership: For employee owners aged 28-34, such workers had 92% higher median household wealth, 33% higher income from wages, and 53% longer median job tenure, when controlling for demographic factors.

What employee-owned firms have lacked for a long time is capital: New firms require investors willing to take risks on entrepreneurs with a vision, and investors have long been skeptical of founders who planned to share the value of the firm with employees. But the rise of social capital and impact investing, alongside new opportunities for community capital-raising after the implementation of the JOBS Act and investment crowdfunding regulations, means that capital is starting to unlock for such firms.

Policies to encourage worker ownership have slowly been getting more attention from lawmakers—several Democratic senators have introduced legislation this year to fund employee ownership centers in the states and to create a fund of public capital to support conversion to worker ownership. And prominent progressive voices like Roosevelt Chief Economist Joseph Stiglitz are speaking out in favor of the model. It’s crucial that spreading worker ownership becomes as central to the progressive economic narrative as raising the minimum wage and supporting financial reform.

The best way to fight Uber? Own it.