What is the GDPR? Does it seem like a good idea?

thescoho
3 min read · Nov 13, 2018

The GDPR, short for General Data Protection Regulation, is the new privacy law approved in 2016 jointly by the European Parliament, the Council of the European Union and the European Commission. It aims to be a centralized law for all the EU member states by enforcing a single data protection law. The GDPR will replace the existing European Data Protection Directive (which, by the way, came into the picture in 1995), which will be in effect until May 25, 2018. After this date, the GDPR will supersede it and govern all the laws attached to data protection.

The GDPR covers not only all the members of the EU, but also any organization that sells goods or services to citizens of the EU and processes or monitors the personal data of EU residents. The primary stakeholders of the GDPR fall under 3 categories: data controllers, data processors, and data subjects. Data controllers decide the purpose and methods of processing personal data. Data processors process the data according to the instructions given by the data controllers. Lastly, the data subjects are the citizens of the EU using goods and services provided by the data controllers.

Some of the main features of the GDPR are breach notification, right to access, right to be forgotten, data portability and privacy by design. Breach notification ensures that data controllers inform data subjects about breaches that could leak personal information within 72 hours of learning of them. Data subjects can use the right to access to obtain information about their personal data from data controllers. The right to be forgotten allows data subjects to have all of their personal data erased from the logs of data controllers. Data portability lets users receive the personal data concerning them, which they have previously provided, in a commonly used and machine-readable format, and gives them the right to transmit that data to another controller. Privacy by design restricts data controllers to holding and processing only the data absolutely necessary for the completion of their duties, and limits access to personal data to data processors.

I gravitate towards GDPR existing for the greater good more than it being a detriment. After centralization of data protection laws for the EU, more importance will be given to what companies are doing with data about their users. Centralization ensures no inconsistencies for both companies and users in how they approach issues like data breaches, rights, and usage. Certain features of the law like the “right to be forgotten” bring power back to the users. The “right to be forgotten” entails the deletion of all the personal data of a data subject from the logs of the data controllers. This allows users to take a step forward in their ownership of their online selves. GDPR also allows users to get information about how, where and for what purpose their personal data is being processed. Failure by companies to adhere to the arrangements in GDPR allows GDPR authorities to levy fines up to 20 million euros.

The only drawback of the GDPR today is its exceeding complexity. Everyday users will have a hard time reading through all the fine print to take full advantage of its breadth of laws. The very broad nature of the law’s terms also makes room for ambiguity. Terms like “adequate safety should be in place” make GDPR ambiguous for data controllers trying to adhere to it and implement appropriate measures. Even then, I believe GDPR will play a significant role in the future of data protection, privacy, and ethics. Big companies in tech will have to adhere to the principles of the GDPR, and thus they can be restricted effectively so that data subjects have better privacy and more control over how data controllers can use their personal data. GDPR is a big step in raising awareness about data protection and privacy among data subjects as citizens take control over their digital lives for a better and safer digital environment.

