GDPR – many people use this abbreviation, without being aware of what is really behind it. On May 25, 2018, new EU regulations related to the protection of personal data entered into force. In accordance with the accepted standards, the Polish legislator must adapt national legal acts to the Community regulations. The obligation to implement the provisions of the GDPR applies to all Polish entrepreneurs and public sector institutions that process personal data as part of their activities. This will not bypass companies in the loan industry.
The 2018 GDPR initiated a pan-European revolution in the protection and processing of personal data. Although the introduction of the new law has been known for a long time, these provisions still remain incomprehensible to many consumers. In today’s text we will focus on issues related to the application of the GDPR for online loans and the broadly understood activities of loan companies.
Online loans RODO Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / – is the official name of the act, which has already gained a more popular term: GDPR.
There are several dozen non-bank institutions in our country that grant both installment loans and payday loans. Naturally, each of these entities collects, secures, transfers and processes a lot of personal data left by customers in the application forms. The number of borrowers can be safely estimated at several million people. It is worth adding that in almost every case the consumer reaches for the commitment by electronic means.
The GDPR brings changes including in the perception of the definition of personal data alone, which was specified by the Personal Data Protection Act. In accordance with art. 4 paragraph 1 GDPR, personal data is “information about an identified or identifiable natural person”. Therefore, this group primarily includes the name, identification number, location data, internet identifier or one or more specific physical, physiological, genetic, psychological, economic, cultural or social factors determining the identity of a given natural person. In addition, personal data can be talked about in the case of IP addresses, information contained on profiles in social media and very often email addresses used for various types of orders or in professional life.
Each of us values privacy, and since the GDPR came into force we think even more. That is why we present below the companies that guarantee data security and quick credit decision.
The EU legislator has put a lot of weight into creating rules where personal data will be used in a transparent, reliable, correct manner and only when it is really needed. One of the key concepts is limiting the necessary goal. Until now, it used to be the case that one marketing consent expressed when signing the contract resulted in the fact that loan companies could send customer data to their business partners. Probably most of us have once received an offer or inquiry from any of the entities, despite the fact that we have never given an email address, telephone number, and certainly a residential address. Now the rules are to change in favor of consumers. The GDPR reduces this issue to a simple principle: one goal – one consent and information!
Any consent must be given voluntarily, knowingly after all necessary information has been provided by the loan company. Importantly, the GDPR does not only apply to personal data of the institution’s customers, but also its employees! This is one of the aspects that many entrepreneurs forget about. An important norm is also the possibility of being forgotten. In practice, this means the right to withdraw consent previously given. You can do this at any time, without any specific reason or justification for your decision.
Until now, enterprises, including loan companies, registered databases in GIODO, i.e. the General Inspectorate for Personal Data Protection. The GDPR replaces it with another institution – the Office for the Protection of Personal Data. Therefore, the reporting obligation for data sets disappears. In its place, however, a new requirement appears. Since the entry into force of EU regulations, companies will be forced to run register of processing activities. It must contain, among others name and contact details of the administrator, processing purposes, description of the group of people to whom they will be forwarded or made available for inspection.
The regulation largely amends the provisions in force in accordance with the Act on Personal Data Protection (UODO), which set out sanctions for violating the law on the protection of personal data. Pursuant to the regulation, administrative fines and administrative fines will be involved. The first group includes providing the administrator with warnings, reminders, orders, introduction of temporary or total restriction of data processing, including even a ban on performing this activity.
Financial sanctions should include financial penalties of up to EUR 10 million or 2% of the company’s total turnover for the previous year. More serious problems await companies that do not comply with the order issued by the supervisory authority. In this case, the fines can reach up to 20 million euros or 4% of the company’s total annual turnover. Strictly administrative and financial penalties according to the GDPR can be easily combined. The sanction is, as indicated in the legal act, to be proportional to the seriousness of the violation of the regulations, and to discourage entrepreneurs from further violations.
When analyzing the online loan market, it must be admitted that new loan companies are putting more and more emphasis on a high level of customer service related to the security of their data. By adapting to market rules and statutory fortifications, the latest loan companies should not have problems with GDPR. Of course, it also depends on how they promote their own online loans. It happens that the marketing used by the loan companies is aggressive, which can be seen from the emails received. Still, if our personal data is processed in accordance with the new regulations, the loan companies themselves should not have problems in this field. As an example of a high level of customer service, it is worth recalling the “wonga” company.
So, as we can see, under the mysteriously sounding and announced with reluctance, the GDPR hides regulations that will determine the new perception of personal data protection for many years to come. Entrepreneurs should adapt to the new law by introducing changes in:
This is particularly important when it comes to online loans. Life will show whether the changes will bring positive effects and how native companies will find themselves in the new reality.