How GDPR Will Affect the Businesses in Romania (I)
GDPR – General Data Protection Regulation – is an initiative proposed by the EU in 2012 to replace the 1995 Data Protection Directive, that came into effect on 25 May 2018. These new regulations reflect the need for protection in respect of the personal data of the EU individuals, against the background of skyrocketing growth of the digital technology consumption.
The events such as the 2015 viral campaigns or, more recently, the scandals involving Facebook have created an opinion trend in favor of this kind of regulations.
How can Romanian companies get in line with these new GDPR regulations? Firstly, it is important to understand clearly what these new laws involve, as they will affect not only the businesses in the European Union, but also the ones outside it.
In order to facilitate a detailed explanation of these provisions, we’ll refer to terms such as:
- Personal Data – include, without limitation, confidential and personal information, such as first names/last names, physical or email addresses, identification documents, payment means, localization data, political opinions, religious or philosophical beliefs or data related to the physical looks of a person.
- Data Processing – includes, without limitation, collection, storage, consulting, changing, using or sending, as well as deletion and destruction of the personal data mentioned above.
- Data Encryption – Represents the process of securing the sending of confidential information between institutions or companies and citizens, using advanced encryption technologies (mathematical algorithms).
The GDPR initiative is meant to offer increased transparency and security in the process of data processing and encryption for the EU citizens in the online environment. The regulations require the companies that provide services to individuals in the European Union to inform the consumers in respect of the personal data processing methods and the purpose for which such data will be used. At the same time, this initiative brings about value and credibility to a brand, considering the extent to which the present day consumer appreciates the confidentiality of its actions in the online environment.
Very many big companies, even some startups, had complied with these regulations long before they became effective. Nowadays, however, the EU will make sure that all the companies will implement, in a transparent manner and in full, these provisions, which will improve the relations between consumers and suppliers.
We all know Apple’s Safari 10, the new version of web navigator, was a big success in 2017. It offers the possibility of blocking the unwanted personal data monitoring and also other facilities as the automatic starting of the video content on the page, which may be classified as aggressive marketing.
The New Provisions and Their Importance
The new provisions should not alarm any operator (private legal entity), as they have been prepared not only to the benefit of the users, but to the benefit of companies or other organizations. The provisions have been developed based on Directive 95/46/EC, which was abrogated once the new GDPR has come into effect.
It’s true that these provisions will substantially affect the marketing and operational strategies of all. Following is a summary of the provisions:
- Any entity that processes the consumer data in the EU, including third parties, may be liable to prosecution if these provisions are infringed.
- When an individual does not want their data to be processed by an operator (company/institute), the information must be destroyed, on condition that there are no reasonable grounds to keep it.
- If they process on a wide scale confidential information for a big number of consumers, the operators are obligated to designate an expert in personal data management (small and medium size companies are exempted from these provisions if the data processing is not an essential part of the their business).
- The operators are obligated to report to the national supervisory authorities any serious violation of these new regulations immediately.
- Parental consent is necessary for the children under a certain age to be able to use social networks (the age criterion varies from 13 to 16 years, according to the specific laws of each country).
- Individuals are entitled to the portability of their data, which allows for the easy and convenient transfer of their personal information when they change services between suppliers.
Of course, the law provides for more than just that and any company dealing with businesses in the tech-online class should seek for the advice of a specialized law firm. To many companies that have already developed online marketing strategies in keeping with the old regulations, the new law does not necessarily bring about major unforeseen aspects.
You can find some considerations on the impact GDPR will have on Romanian companies here.
Over the last decade, I've built my professional life as an investor, focusing on 3 key areas: financial services, real estate and tech startups. I’ve participated in the setup and development of two major fintechs, and after those two successful exits I’m now directing my resources into building a new enterprise in this area – the Key Way group.
I've started, participated in and developed companies in Romania, as well as Bulgaria, Hungary, Czech Republic, Germany, the UK, Mexico, Dubai and South East Asia. I'm constantly looking for new segments, new markets and new opportunities, and therefore I interact regularly with the regulator institutions and official agencies in various countries and markets.
The most recent example is the GCC area (Gulf Cooperation Council - Bahrain, Kuwait, Oman, Qatar and the United Arab Emirates, and Saudi Arabia). I started to research opportunities in that area at the end of 2018 - more specifically, the United Arab Emirates, which are establishing themselves as one of the most dynamic markets in the world.
The whole experience of working with the official institutions there was a great example of how to attract and encourage investors! ADGM, the Abu Dhabi Global Markets regulator, was established quite recently and I was absolutely impressed with their professionalism.
To start off, I researched the local market regulators online. The information was clear and easily available: I contacted them online, via their website and LinkedIn accounts. They responded promptly, and in only a few days, we set up a series of meetings with the financial markets regulators in both Abu Dhabi and Dubai!
The ADGM gave me full support and very clear, detailed information on what and how I need to do to obtain a trading licence in financial services in the UAE. I met with representatives from both the ADGM registration department (where all new businesses have to register before they acquire a licence for online trading) and from the FSRA (Financial Services Regulatory Authority).
They were very clear on the procedure, steps to follow and criteria we need to meet, which is a fantastic help for an investor on a new, highly regulated financial market.
In a few days I started the onboarding procedure - everything happens online, everything is digital, everything is set up for maximum ease and transparency.
They set investors up for success, but they make sure they vet them thoroughly as well! A "user friendly" approach does not mean lower standards, quite the opposite - they made sure I meet all commercial and business criteria, they assessed my financial, capital and business status and previous experience, and checked references from markets in which I operated previously.
We went through a process of very rigorous assessment and due diligence, and several meetings where I detailed our business plan and long term vision. Professional but friendly - you feel welcome, encouraged and supported as an investor.
Furthermore, their “enthusiasm”, or appetite for new business, equaled mine! They’re happy to welcome new businesses, they work hard to attract them and to set them up for success. I was very impressed that they genuinely appreciate the fact that investors, however big or small, choose their market to set up a company.
I’d love to see this same level of energy, hard work and appetite for business in my home country, Romania.
While other jurisdictions welcome investors and work hard to create the framework for development and success, I often feel that the Romanian regulators, for financial markets and not only, start from a default position of suspicion or, at best, indifference. Investors are regarded with thinly veiled (if at all veiled!) suspicion and distrust and sometimes downright hostility, you almost feel guilty or embarrassed to be successful financially.
I hope to see this mentality change in Romania, because I, as well as most Romanian entrepreneurs I know, really want to make our country a top choice for investments, not just in outsourcing and services. We want to make Romania known for its know how and creativity.
I think Romanian regulators should remember that their whole purpose of existence is to enable business, not hinder it. And as investors, especially once we see best practices from other jurisdictions, we need to remind them of this reality.
- Fintech OS - B2B services and TaaS enabling automation for financial services. The fact that this is a Romanian company that has achieved such rapid growth proves that (to paraphrase) geography is not destiny. Their experience is inspiring.
- Fagura - P2P Lending. Although Fagura is actually coming from Moldova, they are present in Romania. This is a friendly peer-to-peer platform, modelled on UK similar companies. I think it has good potential for success.
- Smart dreamers – a platform for recruitment marketing automation, they’re already in the UK, the US, and Singapore, with enterprise-ready software that helps companies reach and engage with potential candidates online.
- Medjobs – this is a platform for recruitment and jobs in the healthcare sector. I like their focus and the fact that they’ve honed in on this very specific opportunity, as it is a very dynamic niche and was generally very fragmented.
- Typing DNA – such an original idea! They’ve developed an app for typing biometrics authentication – recognizing people from the way they type, this is an AI-based solution for risk-based authentication and fraud prevention.
- Competitors.app – a very useful and comprehensive app for monitoring competitors’ marketing activity across online channels.
- Finqware – this was badly needed in Romania, since most companies and people have several bank accounts and they need a centralized dashboard for their finances.
- Keez – A user-friendly alternative to accounting, payroll, and ERP software.
- Teleport HQ - An AI powered platform and suite of open source tools which simplifies UI building and adds realtime optimisations by analysing user's intentions.
- Cyscale - a Multi-Cloud Platform, for all major providers like Amazon, Google and Microsoft, which handles Cloud Native Security, Threat management and Secure Cloud Design.