Affected areas:
One of the EU's main ideas is to support free trade among the countries of the European Union. On the contrary, in our opinion, GDPR is negatively affecting the development of B2B trade among EU countries. We believe that the ability to easily find and verify business partners is important for the development of business within the EU. GDPR, on the other hand, reduces the availability of information and the ability to screen companies. We believe that instead of restricting the availability of data, a single register should be available that can be used both to verify the existence of business entities and their representatives, and that this data should also be provided as open so that it can be used for software development of solutions that increase the efficiency of European companies.
From our experience, GDPR has quite conclusive negative consequences for both B2B and B2C within the verifiability of companies. We believe that both legal entities and natural persons should not use the GDPR as a reason to restrict access to information about their business, both current and historical, which is currently happening. As we operate a database of companies ourselves, we regularly encounter that natural persons, legal entities or company statutory authorities try to flaunt the protection of their personal data and argue GDPR. As a result, both other companies and end consumers have impaired opportunities to detect rogue businesses, both natural persons and legal entitiews. When defending negative information about themselves, they defend themselves by protecting „their personal data“. Thus, they use the GDPR as a way to help themselves protect their negative reputation and possible fraud. The GDPR is not intended to protect rogue entrepreneurs or to disguise information that is normally required to screen entrepreneurs.
One of the direct negative consequences is, for example, the fact that the information about the entrepreneur's residence has disappeared from the Czech Trade Register in connection with the GDPR. Therefore, nobody can be completely sure that they are in touch with the real company representative even in case of closing a contract for example.
When we confronted the Ministry of Industry and Trade with this, asking why did they stop providing this data and how customers could really be sure that they are dealing with a real representative of the company, the Ministry of Industry and Trade informed us that customers and business partners should correctly request from the entrepreneur an extract from the non-public part of the trade register, which, moreover, the entrepreneur does not usually have on them and must obtain it in person at an office. We believe that the verification of the entrepreneur should be possible in a discreet way and without the need to make the verified entrepreneur go to the office, which will not add any good to the future cooperation between entrepreneurs. In addition, this seems like we are going back to the 80s when there was no Internet. Plus at the time of the coronavirus epidemic, the authorities are not working properly and people are advised to avoid unnecessary physical contact.
"Data from the non-public part of the trade register, such as data on residence or birth number, shall be provided by the Trade Licensing Office only to the entrepreneur to whom they relate, to the administrative body if it needs such data for business activities and in cases stipulated by other legislation."
Should GDPR result in a Europe that goes back and instead of electronic and easy verification of businesses across countries, a way is created that makes an environment that reduces the transparency of entrepreneurs, forcing entrepreneurs to visit the authorities physically?
If, for example, a foreign company would like to check a Czech entrepreneur in order to establish cooperation, it will be very difficult to remotely find out that a document that is to be an extract from the non-public part of the register is really true when there is no clear form anywhere.
We believe that it should be easy to check both legal entities and natural persons electronically and this data should also be provided in the form of open data, so that they can be easily implemented in information technology.
By choosing a business in its own name and expressing, at its own risk, the will to have its name and other information linked to its business, it is then pointless for such data to have the same level of protection as data of other entities to which GDPR turns out.
The GDPR is not intended to protect unsuccessful, fraudulent entities or others who use the GDPR as an argument for concealing their activities.
We believe that the availability of information on the history of organizations, natural and legal persons and entities is in the public interest and is also an essential pillar for the development of trade within the EU, but also between entities from EU and non-EU Member States.
If, on the other hand, the EU went in the opposite direction and made it easier to check European entities through openness of data, it would be a guarantee that if someone chooses to work with an EU entity, easily accessible and verifiable data, including its history, will facilitate trade because an EU entity would then mean that it is an easily verifiable entity in terms of its existence, history, etc
. Now, thanks to the GDPR, we are going in exactly the opposite direction, going against the public interest, the interest of the end customers and entrepreneurs to cooperate and trade with verifiable entities with a clear history and against the main pillars of the EU's free trade and single market development.
The GDPR can now be used as an argument for hiding data on subsidies provided from public funds to individuals, which worsens the transparency of the use of public funds. If someone receives a subsidy, whether it is a natural or legal person, we believe that information should be publicly available from whom, for what and what amount of the subsidy they received from public funds. On the contrary, we have information that natural persons use the GDPR as an argument for hiding information on the amount of subsidies provided to the entity. In addition, the Office for Personal Data Protection states that although the Open Data Act states that open data have unlimited conditions of use, such a point is probably not in accordance with the GDPR, and according to the Office, data on subsidies provided to entrepreneurs can legitimately be demanded about natural persons.
We believe that the public interest prevails here and it is not possible for some entities receiving subsidies from public funds to argue by protecting their personal data when obtaining public funds, whether legal entities or natural persons. The public should have the right to control who received the subsidies, and if this data is provided as open data, their use should not be restricted in any way.Unfortunately, the GDPR helps to reduce the transparency of the management of public funds.
Below is a statement from the Czech Office for Personal Data Protection in the confrontation concerning open data for subsidies and the wording of the Open Data Act:
The provision of § 4b paragraph 2 of the Act on Free Access to Information by stipulating that "It is considered that legitimate interests or the rights and freedoms of the data subject requiring the protection of personal data do not take precedence over further processing of open data" and processors in the processing of personal data carried out by them under the General Regulation on the Protection of Personal Data. Even for further processing, the condition of public interest in the published information must be met, resp. necessary for the purposes of the legitimate interests of the administrator concerned.
The provision of Section 4b (2) of the Act on Free Access to Information thus does not entitle private entities to create new data files from data files or records containing personal data which are open data in accordance with the provisions of Section 3 (11) of the Act on Free Access to Information. and records, for example by pooling personal data. Such operations with personal data may generate new information on data subjects who no longer fulfill the conditions for the lawfulness of the processing in terms of the public interest or the necessity for the purposes of the legitimate interests of the controller.
However, we note that the wording of the provision is proclamatory in nature and it is not clear from the course of negotiations and approval that an impact assessment (DPIA) and compliance with the principles of processing enshrined in the Higher Legislation Regulation, ie the General Data Protection Regulation (GDPR).
GDPR also has a clear impact on the development of software solutions within the EU. Developers of solutions that can easily operate abroad in the EU have a problem, which will increase the inefficiency of European companies. For example, some information systems have introduced a GDPR module that records how long I can keep the contact, etc. It lacks the logic to record in the system how long I can keep the data and automatically delete it after this period, if I still have a contractual relationship with the data subject. Various entities invent other GDPR functions, either for good reason or simply because of the ignorance of their advisor, in any case adding work to the users of these solutions and further reducing the efficiency of European companies. We do not know if the regulation has been sufficiently consulted with people who have experience with ordinary business practices, but it does not seem like much to us.
We believe that it should be clear that if an entity registered in a commercial or trade register itself presents its personal data on its website, in catalogs, in advertising, it automatically gives permission to use this data for processing, contacting, verifying and publishing. The same if I have a valid contract with the data subject, no deadlines for data registration should be needed and simply connect the right to follow up on a valid contract or business cooperation.
For example, GDPR has affected mobile applications that can record calls or applications that can automatically assign calls to information systems. Thanks to GDPR, European companies have to write more manually, cannot take advantage of modern technologies and have limited opportunities to develop automated systems that speed up their work.
Millions of users in the EU have used the applications such as ACR Call recorder (more than 10 million downloads on Google Play), but Google has limited the call recording feature following GDPR, although recording a call is not illegal if the other party is informed. Many users lost a practical feature that allowed them to record an important call or alike. GDPR thus negatively affects practical functions even if they are used in accordance with the law.
In the future, for example, there should be automated autonomous driving, logically it would be possible to automatically navigate to any company thanks to open data about companies and then it is necessary to automatically create a logbook for the purpose of driving related to the visited company. However, thanks to GDPR, developers may encounter problems related to data protection requirements such as the name and address of the business entity, although this data may be available within open data.
In our opinion, the GDPR neglects the open data provided by the authorities. We ourselves use open data within the company as a register of companies, etc.
On the one hand, some authorities provide open data to be provided without restrictive conditions of use, so they should be easily usable for the development of various software solutions, personal needs, publication in online catalogs and any other use, but data subjects request deletion. These data are threatened by the police, courts and argued by the GDPR, and in addition, the Office for Personal Data Protection agrees with this, even in the case of open data.
Given the fines for breaching the GDPR, it is indeed problematic and creates great uncertainty as to whether such data have truly non-restrictive conditions of use and, ultimately, the GDPR contributes to the uncertainty in the use of such data. From the logic of the matter, when the authorities publicly present this data and provide it in machine form for further processing, then this data should have a clear definition within the GDPR that it is really possible to use, publish and implement for development without problems and fear of fines and solutions that have the task of increasing efficiency, examining companies, etc.
Currently, in our opinion, the GDPR completely ignores the area of open data.Although our company was small, we managed to address Czech deputies, and they incorporated the current specification of the Act on Free Access to Information into the draft implementing regulation.
"It is considered that the legitimate interests or rights and freedoms of the data subject requiring the protection of personal data do not take precedence over the further processing of open data.".
However, we think that similar wording should be directly part of the GDPR and should not rely on specific countries to clarify similar ambiguities.
Because when we confronted the Czech Office for Personal Data Protection in the matter of open data on subsidies provided to natural persons, the above-mentioned legal regulation was not interested in the implementing regulation and stated that it was probably in conflict with the GDPR. Although open data under Czech law should mean unlimited conditions of use.
“The provision of § 4b paragraph 2 of the Act on Free Access to Information thus does not entitle private entities to create new data files from data files or records containing personal data which are open data in accordance with the provisions of § 3 paragraph 11 of the Act on Free Access to Information and records, for example by pooling personal data. Such operations with personal data may give rise to new information on data subjects which no longer fulfills the conditions for the lawfulness of the processing in terms of public interest or necessity for the purposes of the legitimate interests of the controller. "
The GDPR itself has also had a negative impact on the volume of open data provided.See the previously mentioned fact that information about the entrepreneur's residence has disappeared from open data, thus reducing the possibility of verifying it. Following the GDPR, the statistical office stopped providing data on turnover categories for individuals in business, this data was used both for scientific and statistical data and to verify that you will be doing business with a company that is actually carrying out an activity and generating some turnover.
GDPR should not reduce the usability and accessibility of open data. This is against transparency and the development of new efficiency solutions.
GDPR has brought efficiency decrease to many European companies, addressing the place of business and their responsibilities as to whether and how long they can record regular contact details, even when data subjects disclose the data and have a valid business relationship and contract with the entity. They have to enter this data into the information system, which is worth the time they could spend generating profit, which also means higher taxes for the European Union.
After the deadline, they should delete this data or repeatedly request permission.
We believe that if there is active cooperation between subjects, it is clear that it is possible to record data, the same in situations where the data are publicly presented by the data subject. It is really not effective after the period to automatically search for publicly presented data or repeatedly ask the subject for permission to use them when cooperation is taking place or may take place if someone does not want the data to be used further, for example to contact them. GDPR has currently brought extra activities that lack logic and are contrary to normal business practice.
As we mentioned above, the regulation reduces the efficiency of companies and especially sales departments by unnecessarily recording data and increasing administration instead of selling. Sales departments are uncertain whether it is possible to actively offer their products.
New entrepreneurs often start by, for example, acquiring a database of companies in their field of business and trying to offer their services or products to a quickly selected group of entities, because of course a start-up company must build its clientbase as soon as possible in order to function successfully. However, GDPR brings in uncertainty in the database market, even though companies that provide such services offer only publicly presented contact information or data from open data. Logically, if they present their data publicly as contact information of a company, organization, then I can expect that this data will be used by others without written consent.
With the GDPR, uncertainty was introduced here at the same time.
Another practical example of the negative impact is the above-mentioned abolition of the provision of turnover category data for natural persons engaged in business.
[This information for the sales department was a sign that it is important to address the entrepreneur, because they perform some activity and the category of turnover also indicated whether it is the size of the target group of the entrepreneur. For example, it doesn't make sense to offer someone a machine for 10 million when their company's turnover is 1 million. As a result of the fact that the information is no longer provided by the authorities, it is that companies with active business will address more entities that do not actually carry out activities and will waste time unnecessary business activities, but also the time of those people who do not really work or are not the target group.]
The result is lower profits and lower taxes paid for national budgets and the European Union budget.
Thanks to barriers to active trade, GDPR gives an advantage to large multinationals that can afford large-scale advertising, but it significantly worsens the activities of small and start-up entrepreneurs who do not have such general opportunities and have to use active sales in order to promote their services and products.
At the same time, it also serves to check the entrepreneur's turnover, if you have to conclude a large deal with someone, but it tells from the business history of the entrepreneur that the subject does not generate any activity, you would be very careful in such a deal and try to check the subject.
In addition, the reduction and difficulty of screening natural entrepreneurs will result in less trade with these entities, which is contrary to the promotion of small businesses, as GDPR will ultimately harm these entities from a commercial point of view, as it will reduce their verifiability and credibility.
We understand that for some, active sales are unsolicited, but ultimately based on business development and the entrepreneur buying a new service, product, technology from the seller can increase its efficiency and revenues, which ultimately develop the entire European market.