Why do we need GDPR?

Most EU citizens will have heard about GDPR in some respect, be it in the form of news reports or emails from subscription services. However, despite the press coverage, relatively few will have any idea of what GDPR is. Also known as the General Data Protection Regulation, GDPR came into effect on the 25th of May 2018 after a two-year grace period. After this date, the EU required that all companies handling EU citizen’s data must comply with the new data regulations.

GDPR was established to address new concerns on how private personal data was being handled. It defines “personal data” as anything that contains “personally identifiable information”, meaning it can be used to track specific individuals. This can include a wide variety of information, from names to passport numbers. All of this data has value as if it is breached it could leave the person to whom it pertains vulnerable to fraud. There are other types of personal data that are considered more sensitive than the usual identifiers, such as religious beliefs or sexuality. As these are at the discretion of the individual to disclose, it is also important that they remain private.

GDPR applies to all organizations within the EU alongside any organizations based outside the union if they handle the data of EU citizens. This safeguards the rights of EU citizens regardless of where their data is being handled or processed. It is likely that the UK will adopt privacy laws similar in framework to GDPR after it leaves the EU.

Regrettably, cyber attacks are on the rise globally. This threatens information privacy as advanced cybercriminals are able to access data and use it for nefarious means, from creating fake identities to making false insurance claims. However, GDPR lays out Eight Common Privacy Principles that all organizations that handle EU citizens’ data must enact to be GDPR-compliant. The Privacy Principles are as follows: notification, lawfulness, limits, security, accountability, downstream protection, access rights, and breach notification. Each of these principles put the safety of the data subject to the fore.

GDPR is considered one of the most robust data privacy laws in the world, and it is highly recommended that all organizations affected by the new regulations train their employees. Importantly, it puts emphasis on the rights of the data subject to question how their data is being collected, what it is being used for and also gives them “the right to be forgotten”. This means that data subjects have the right to opt-out measures such as directed advertising, where their personal data would be used to show them advertisements directed towards their interests. They may also set a time limit, before which their data cannot be processed but after which it can be used for a pre-specified purpose.

There are, however, some exceptions where these rights do not apply. If an individual’s data is needed for defense purposes, to prevent crime, to prosecute a crime or for issues of public health, an individual’s private data may not be treated as such. In all other cases, however, everything possible should be done to protect privacy.

Previous articleWhat Will Happen When Your Ex Finds You on Facebook?
Next article3PL or 4pl Logistics Who will Rule in 2019?
Rafiqul, a techie/engineer by profession, is adapting his lifestyle driven by the passion to be a blogger and an author at Trendy Tattle. He enjoys blogging more than his day job since he is his own boss here and he is establishing his .com lifestyle in this limitless earning potential online platform. He is a goal achiever and is punctual in all his chores. With travel and music as his hobbies, he can certainly think about an alternate source of finance, which will undoubtedly help him.


Please enter your comment!
Please enter your name here