The Americans have Fort Knox, traditionally claimed to be the most impenetrable place in the world. The European Union has data protection laws, the most impenetrable data storage system in the world. This is how the EU laws on data protection work in the cannabis industry and why they are important for Cannavigia and our clients who use the cannabis compliance software.
What are these data protection laws?
The European Union has the strictest data protection laws in the world. When these laws have been initially implemented in 2018, most multi-national tech companies like Google, Facebook and Uber had to rewrite their privacy policies in order to comply. Certain websites who don’t comply with these laws are not accessible in the EU.
In what the New York Times described as the “world’s toughest rules to protect online data”, a Dutch court interfered in a family dispute when a grandmother published photos on Facebook of her grandchildren – against the wishes of their parents – with the court finding against the grandmother.
In its most basic form, the law allows people to request their online data and restricts how businesses obtain and handle the information. In a strongman move, the EU is insisting on similar laws in other countries as part of trade deals. The EU is positioning itself as the world’s most prominent tech watchdog and it can only benefit people who store their data there.
How do these laws work?
The laws allow individuals to reduce the information footsteps when browsing. Upon request the data that is held by companies on individuals has to be revealed and a further request can have it deleted.
Any company that stores data has to be clear about how it is being handled and has to take one step up from normal data protection when they sell personal information for targeted advertising. If companies do not comply, they face huge fines and privacy groups that are working on class action law suits will put more pressure on legal companies.
Between May 2018 and November 2019, 275,000 complaints over data protection breaches were lodged by individuals to national data protection authorities.
The General Data Protection Regulation (GDPR) requires that all data collected on citizens must be either stored in the EU, so it is subject to European privacy laws, or within a jurisdiction that has similar levels of protection. The GDPR is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union, it imposes obligations onto organizations anywhere, so long as they target or collect data related to the EU.
The GDPR applies to:
1. a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
2. a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.
Having said that, the GDPR seems to have a flexibility that can adapt to any circumstances. During the coronavirus tracing apps became of vital importance but at the same time the GDPR was able to adapt it in such a way that personal data protection was part of the package according to a toolbox issued by the European Commission.
Why are we telling you all of this?
“Cannavigia is aware of the fact that customer data is sacred”, says Sebastian Gerecke, who is Chief Information Officer at Cannavigia and is responsible for quality assurance and data safety. “Certain actions that take place cannot be repeated therefore the system has to be infallible. Once entries have been logged, they get stored in a database which is mirrored in a second location and is backed up two times per day. The backup gets a signature that is once again backed up in blockchain. This guarantees the correctness and safety of the data.”
The data governing laws for the EU is a lot stricter than, say those in the USA. Cannavigia may be a Swiss company, but when it comes to data security they follow European Union guidelines. This means that the data you are storing on the cloud about all your harvest, your company, your personnel and any related issues fall under this law.
“The EU laws are more strict,” says Sebastian “and we have a lot of clients in the EU, so it just makes sense to choose the stricter version of standards.
We develop software that is safe and doesn’t leak your data. Our encryption is of the highest possible standards and resistant against attacks meaning no unauthorised access.
Cannabis data isn’t special because it’s cannabis. It is therefore stored in the same way as all other data.”