General Data Protection Regulation

GDPR

Data has been the buzzword for ages now. Whichever industry you work in, or whatever your interests are, you will almost certainly come across the story about how data is changing the face of our world.

Good old days, there was a famous quote which was penned by a prolific English author stating "A pen is mightier than a sword". Looking at the feet achieved by the industry today, it wouldn't be incorrect if we rephrase it to say "Data is mightier than a sword". Data is what drives a study helping to cure a disease, boost a company's revenue, forecast a certain event or be responsible for those targeted ads you keep seeing.  Having said that, there is also a lot at stake when we use data to change to the world. Data is one of the most important assets a company has. For that reason alone, data protection should be a top priority for any company. The fact that data can be used in so many ways is what makes it such a dangerous tool. A single company may possess the personal information of millions of customers data that it needs to keep private so that customers' identities stay as safe and protected as possible. Data breaches happen inevitably. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it and those people often have malicious intent. As more of our data has become digitized, and we share more information online, data privacy is taking on greater importance. Data privacy relates to how a piece of information or data should be handled based on its relative importance. For instance, you likely wouldn't mind sharing your name with a stranger in the process of introducing yourself, but there's other information you wouldn't share, at least not until you become more acquainted with that person.

This is where the European Union has stepped in and made a momentous decision of introducing a new data privacy law which can be termed as a game-changer. This new law is known as GDPR (General Data Protection Regulation). The law was enforced across all EU member states on 25th May 2018, which turns out to be a landmark in the European privacy framework. It will apply to all companies selling to and storing personal data about citizens. According to the GDPR directive, personal data is any information related to a person such as a name, a photo, an email address, bank details, and updates on social networking websites, location details, medical information, cookies, digital footprints or a computer IP address.

       
Before GDPR was enforced, the previous data protection rules across Europe were first created during the 1990s and had struggled to keep pace with rapid technological changes. GDPR alters how businesses and public sector organizations can handle the information of their customers. It also boosts the rights of individuals and gives them more control over their information. The goal of the new legislation is to give EU citizens more control over when and how their personal data is used by online entities, but it also has the far-reaching effect of requiring all websites, no matter where they are based, to take a tougher stand on managing the privacy and safety of users' personal data. The GDPR's stated mission is to help EU citizens protect their online data. 

The GDPR does not prohibit sites from collecting and using visitor data, but it does require them to give users clear and explicit control over how they do so. Until the GDPR took effect, many sites relied on "assumed consent," that is, by the act of using the site in any way, you were consenting to allow the site to store and use your personal data for its own purposes. Now, websites that collect any of these kinds of data need to get users' explicit consent via a positive opt-in, such as a checkbox, and to inform them clearly how their data will be used. 

                 
The GDPR also clearly establishes users' rights to their own data. Along with clearly stating how, why, and where the site stores and uses data, websites must allow users to download the information the site is holding, and to request to have it deleted at any time. For example, if you had subscribed to a particular site's newsletter, but then closed your account, you must be able to have access to your information stored on the site and to ask the site to remove it as soon as possible.

Moreover, the penalties for non-compliance with the GDPR can be stiff. First-time violators receive a warning. After that comes a reprimand. If problems aren't addressed, the site is suspended from all its data processing activities. And if that isn't enough, stiff fines are imposed which amount up to 4 percent of a company's annual global revenue, or 20 million Euros, whichever is greater.

The provisions of the GDPR have website owners around the world worried and because there are so many different ways in which information is exchanged, it can be easy to miss a crucial step and fall into noncompliance. The whole digital marketing industry has been taken aback by this new regulation. The companies can no longer leverage the data as easily as they could earlier.  There are huge repercussions in terms of finance as well because Enterprise interest and investment in data privacy is driven by financial risks which are not just the regulatory fines, but the potential brand damage as well. 

Companies, therefore, need to do more as regards to transparency and more to demonstrate how they are acting ethically and responsibly with regard to their customers' data. But the question arises will the companies be able to cope up with the new regulations or will they succumb to the pressure. Well, let's leave it to the expert (TIME) to decide. 


Blog Written By: Debesh Prasad Das


NOTE: The views expressed here are those of the author's and not necessarily represent or reflect the views of DOT Club as a whole