GDPR - What is all the fuss about?

May 25th is behind us and the Earth is still spinning. This is probably the best time to sit back and calmly assess where your business stands with respect to GDPR compliance. The last two years have had businesses around the globe in a frenzy, and, as with most deadlines, the last two months were when most of us finally woke up to GDPR.

While businesses have been having GDPR nightmares, ordinary people have been basking in the attention and importance given to data protection and an individual's rights over their personal data. In most of the interactions we have had with organizations and individuals, the understanding of GDPR felt like the fable of the six blind men describing an elephant.

To break some myths around GDPR and help you understand it in lay people's terms, we'll be sharing a few posts over the next few weeks. Do follow this series, share your thoughts, and ask questions if you have any.

Getting started

If you are a business that has been grappling with the GDPR law and want to take stock of what you have already complied with, how much more you should do, and how to ensure you remain compliant, it's important to do these three basic things:

1. Get familiar with the GDPR lingo and keep using it every day, so that it becomes common language and ceases to be that nightmare.

2. It's a good idea to try to understand what GDPR is not. This lets you breathe easy, knowing that life is still as normal as it was in the pre-big-data/metadata days!

3. And then stop being in denial about GDPR being real, and start making that checklist. Keep updating the checklist, and work towards ticking off the items on it.

Breaking down the GDPR lingo

You've had a good start to understanding and internalizing GDPR if you are already liberally sprinkling your conversations with the following terms:

  • Consent
  • Legitimate interest
  • Personal data
  • Privacy policy
  • EU datacenter
  • DPIA
  • Data protection
  • Data collection
  • Data processing
  • Data governance

We'll look into each of these terms, and more, in detail in the next few posts.

What GDPR is not

1. Whatever GDPR may be, it certainly is not a mean monster out to get you to pay heavy penalties. A huge penalty is just one of the consequences of not respecting users' right to their data privacy :)

2. GDPR did not materialize from thin air. It replaced decades-old EU data protection laws that had become outdated with the advent of the Internet as we see, use, and rely on it today.

3. 'Consent' is one of the most misunderstood aspects of GDPR. It is just one of several ways in which you can establish GDPR compliance.

4. GDPR is not here to make it difficult for the rest of the world to engage in business with Europe.

5. Achieving compliance is not merely ticking those boxes and claiming compliance by May 25th, 2018. The regulation has only just come into effect, and compliance is a work in progress. This means organizations will continue to operate within this framework and strive to keep their existing activities within the prescribed framework too.

What GDPR really is

The EU has had data protection laws for over two decades. In fact, the story is supposed to have started way back in 1948 with the ECHR! With the Internet and technology changing the way business happens, the EU laws that prevailed until two years ago were outdated and required a massive overhaul:

1. GDPR is a set of rules that replaced the 1995 Data Protection Directive.
2. The rules apply to companies across the globe if they engage in business with customers in Europe.
3. These laws are a bit more stringent, to ensure that companies do all it takes to protect the rights of individuals over their personal data.
4. These rules apply to organizations that collect data about individuals.
5. It empowers users with new rights over their data.

The European Commission followed this up with a new ePrivacy proposal in January 2017. We'll discuss this in detail in one of the upcoming posts, which are aimed at bringing us all up to speed on understanding and ensuring GDPR compliance.

Setting aside all the speculation, varied interpretations, and differing understandings, it's a good idea to embrace the law, and here is why:

1. It's a move in a positive direction for organizations, as it helps them shed bad practices in handling customer data.
2. It is always a good feeling (and safe) to fall back on a legal framework. The room for errors or mishandling is greatly reduced.
3. GDPR and ePrivacy fix accountability and define rules to bring it about, instead of leaving it open to interpretation and ambiguity.
4. And in every sense, companies will be putting their customers first. This is a sure-shot way to succeed in an era driven by the Internet and AI.

Stay tuned for more updates on all things GDPR!