The data revolution: from open banking to GDPR – The way Europe does business has changed.
Tough new laws came into effect in recent months that promise to bolster human rights in Europe, but have businesses done enough to prepare for GDPR?
As consumers, many are delighted not to receive as much promotional mail in their inboxes.
Four letters are going to transform the way many of us do business: GDPR, or the General Data Protection Regulation. It's the biggest shake-up of privacy laws since the birth of the internet. It gives people across the European Union control over their own personal data, and it could mean huge fines for organisations that misuse it.
You have probably had a lot of emails lately from companies asking you to review their privacy policies. This is due to new data protection laws coming into force today that change how personal data can be used and stop companies using some of their old tricks to get hold of our personal information. GDPR applies to all European Union countries, but all countries must comply when dealing with EU citizens. These new laws specify how companies can get our consent to use our personal information. This consent can no longer be buried under pages and pages of legal documentation, and it must be clearly distinguished from other functions.
Pre-ticked boxes no longer constitute consent and making someone hand over more personal information in exchange for more features or a premium service is also now allowed, as this counts as freely given consent.
So how much of a problem is this going to be for businesses?
There is certainly a degree of panic in Europe, even though businesses have had a relatively long time to prepare for this legislation, and this panic is most prevalent within smaller organisations. There has been a lot of misinformation, and small organisations are watching what big businesses do, which is to send emails requiring users to opt in to continue receiving information. Those emails may not have been necessary, and may even indicate that these organisations did not do a great job when collecting your data in the past and are now panicking about it. Yet this is a complex area that does require preparation, and some companies are finding it difficult to catch up.
Additionally, The Chicago Tribune and LA Times are among those reporting that they are currently unavailable across most of Europe. Furthermore, lawsuits were filed against multiple US tech giants within hours of GDPR coming into effect.
Vera Jourova, European Union Commissioner, commented:
“I want small businesses to understand better (GDPR), and maybe it's our role to explain better that they should do the risk assessment, to check whether their business poses a risk to the private data of people. Just an example, if you have one shop and you are running one database, having the data of your clients, you should have a good server that is protected against hackers and not do much more.
But if you are a company that monetises the data of people, a company that sells the data it holds to third parties, if they make the core business of processing data, these companies should do more, they should take protections to make the data secure, and I think it’s fair, that if you take the data of people you should give something back to the people, and that’s the higher protection of GDPR.”
We also had it easy compared to most – our payment processing infrastructure and data regarding credit/debit cards is all hosted off-site at https://stripe.com – as a leader in online payment processing, Stripe keeps us compliant and keeps you and your data safe.
We’ve also had security researchers from securitylit.com take a look at site-wide security and best practices to ensure we are fully compliant, but that’s a topic for another post.
From the consumer's point of view: does this put the customer back in control of their data?
In one way, many commentators have been delighted to receive all of these emails from various companies they have hardly heard of, using them as a way to spring-clean their inboxes. This does put additional power into the hands of consumers, yet consumer awareness is not sufficient when it comes to exercising this new power: understanding which companies hold data on you, and using the mechanisms that should now be available to have that data erased if requested.
We all know that lots of companies keep lots of data, from just your email address to banking information and, in the case of social networks, your photos, your date of birth, etc. This is all very powerful information if it gets into the wrong hands.