by Sanjeev Kapoor 27 Jul 2018
EU’s General Data Protection Regulation: Pros and Cons

Privacy and data protection have been in the news several times since the beginning of 2018. On the one hand, large-scale data protection incidents (such as Facebook’s famous Cambridge Analytica case) have completely changed our perception of how major internet platforms handle our data. On the other hand, the European Union has put into force its new data protection law, which is already changing the way in which enterprises collect and process private data. The GDPR has come into effect at a perfect time, as users are beginning to have intense concerns about their online privacy. As such, GDPR has attracted a lot of interest from the public, in addition to interest from the stakeholders responsible for implementing and enforcing it, such as legal experts and online service providers.

GDPR supersedes the former Data Protection Directive, which had been in effect since 1995, serving as a data protection guide for all European organizations ever since. GDPR includes several of the elements of this former directive, yet it is much more ambitious in terms of its protective measures while introducing much higher liabilities for non-compliance and personal data abuse. In general, the GDPR aims at providing individuals with greater and more fine-grained control over their personal data, while at the same time ensuring that the organizations that collect and analyze personal data are more cautious against potential privacy violations. Furthermore, GDPR is notorious for the power that it provides to data protection authorities and national regulators to impose significant fines on enterprises that breach the law.

GDPR is already a reality, as it has been in force as of May 25th, 2018. This milestone was reached following a two-year transition period that was given to organizations in order to comply with it. The European Parliament voted for GDPR during the first semester of 2016, yet it gave organizations a grace period to help them prepare for the transition. Nevertheless, today, two months following the official launch of the GDPR, there are still several misunderstandings about it. In the following paragraphs, we shed some light on some of the basic concepts and principles surrounding GDPR.

 

GDPR’s Main Principles

GDPR is driven by six main principles, which should drive data collection, handling, and analysis, by all organizations that gather, control and/or process personal data. In particular:

 

GDPR’s Global Impact and Main Implications

GDPR was created in Europe and is meant to be applicable to European organizations. It applies to all processes that entail collection and analysis of anyone’s personal data, whenever the processing is performed as part of the activities of an organization established in the EU. Even if the processing of the data takes place outside the EU, organizations established in the EU must abide by the GDPR. Therefore, its applicability impacts organizations and enterprises beyond Europe, such as multi-national US firms with an established presence in the EU. Moreover, GDPR is having a global rather than EU-wide impact for the following additional reasons:

The need to comply with GDPR has important implications for enterprises and other stakeholders, for example:

 

We are only two months past the enforcement of GDPR and it’s probably too early to evaluate its impact on the market. For example, to date, there have been no notorious fines for non-compliance, which could have a severe impact on some businesses and their stance against GDPR. Enterprises have certainly experienced the overhead of GDPR preparation, while consumers have been bombarded with messages about revisions of privacy policies and requests to reaffirm their consent for certain data processing tasks. GDPR is here to stay and will certainly put a lot of pressure on enterprises, IT solution integrators, and consultants. The challenge is to turn GDPR from an administrative burden into a growth vehicle that gives enterprises an opportunity to manage data effectively in this increasingly data-driven and customer-centric world.
