GDPR


On the 25th May 2018, stricter rules for data collection, processing, storage and access will come into force with the incoming General Data Protection Regulation (GDPR). Emphasis has been placed upon customer consent and the storage and usage of children's data.

In the context of the recent revelations that Cambridge Analytica, a data company linked to the Trump presidential campaign, got hold of personal data from up to 50 million Facebook users, taken off the platform without their consent, large IT companies in Ireland are beefing up their compliance staff and aligning their processes with the GDPR.
The regulation targets not only European technology firms but also companies that have a foothold in the European market. Failing to comply with it can cost up to €20 million or 4% of global turnover.

What can we expect from it?
Organisations holding personal data will be accountable under the following headings:
Why are you holding it?
How did you obtain it?
Why was it originally gathered?
How long will you retain it?
How secure is it, both in terms of encryption and accessibility?
Do you ever share it with third parties and on what basis might you do so?

Individuals have, at any time, the following rights:
The right to be informed
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
The right to access

The GDPR will require larger organisations, and some organisations holding or managing large volumes of sensitive data, to name a data protection officer (DPO).

What is at stake?
According to some, the gigantic multi-billion-dollar advertising business has had a free ride for far too long. The core business of those companies, offering ad placement based on the personal data in their possession, will certainly be rethought. For some of them, it is a meaningful part of their revenue, albeit not the only one.

An interesting question missing from the debate is the following: who holds the accountable accountable?
For the Average Joe, most of this topic sounds like mumbo-jumbo.
How much will it cost the taxpayer and businesses to implement these new processes? At the end of the day, it is the end-user or the customer who pays for it.
What about State organisations such as the NSA and GCHQ: will they be obliged to comply?

It will be quite interesting to monitor the technical challenges encountered in putting the GDPR in place.