GDPR Paves The Way For Data Subjects Of The World

The European General Data Protection Regulation (GDPR) has been in the limelight these last few weeks. And for good reason, too. It is an extensive document, to say the least. One reporter found that the number of pages in the document are enough to cover a football field — which is 360 feet long and 360 feet wide.

The document has been in the pipeline since the former Vice-President of the European Commission Viviane Reding initiated it in 2012 and it finally went into effect on 25 May. It seeks to not only set the standard for data protection and privacy in Europe but across the globe for all “data subjects” (read: anyone on the internet anywhere).

The GDPR makes two critical changes to the Data Protection Directive of 1995 that preceded it. First, it emphasises the universal nature of the legislation. For any legislation to apply to all world citizens, this is undoubtedly a prerequisite. The GDPR tries to prescribe the best possible rules and practices for data regulation that can be common to citizens of all nations. Second, it is legally binding. Any company that breaks the regulation is liable to pay up to 4 percent of their worldwide sales as retribution.

This, of course, is a macroscopic view of the regulation that is presented by experts. The regulation is still expected to have loopholes. To device perfect laws in complicated matters such as protection of data privacy is close to impossible. The GDPR will be prone to discrepancies in interpretation and implementation. Nonetheless, some things are as clear as daylight in it. The document is strongly against companies sharing personal data of their users or customers with any third parties. If this must be done, it must be after gaining prior permission, or at risk of serious consequence.

Viviane Reding, referred to the recent Facebook Cambridge Analytica scandal to make this clear. She said, “The Facebook Cambridge Analytica scandal, if it had happened on 26 May, this year, would have cost billions of euros to Facebook, among others. You cannot hand over the personal data of citizens without having asked if the citizens agree that you hand it over. And you cannot steal it and just tell them after. That is not possible anymore, according to the new law. If you do, then the penalties will be very, very severe.”

The Road Ahead

Companies are taking the GDPR seriously. It’s why you have been receiving and will continue to receive emails from digital services about updates in their privacy policies. According to experts, MNCs are hiring as many as 300 to 500 people just to ensure their compliance with the GDPR. They are spending as much as 50 million dollars on this. Of course, the same cannot be said of small companies. Bigger companies are better poised to absorb the GDPR than smaller ones. This is one of the drawbacks of having extensive regulation for privacy. Having said that, it paves the way for overall information hygiene, which was always bound to have a cost.

This cost is not solely borne by companies, mind you. The GDPR is also adding to the costs of agencies that are responsible for the enforcement of its provisions. The Irish Data Protection Committee has also added around 100 employees to their books with 40 or so more professionals expected to join soon. These new hires come from varied backgrounds. Some are lawyers, others are media professionals or business analysts, system analysts — all hired with the goal of cracking down and investigating as many breaches to the GDPR as possible.

One provision of the GDPR that supports this goal is article 80, which gives validity to class-action lawsuits. It gives NGOs and active citizens, who care about data protection, the right to protect public interest – to protect the rights of those individuals in society, who do not have the time to keep up with the challenges and issues of protecting data privacy.

The GDPR is an ambitious legislative document. It is the first of its kind in the pursuit of global cybersecurity. And it includes substantial measures for enforcement. It is also very extensive, making compliance a challenge. But companies are making changes to their privacy policies, which is positive. Whether these changes are merely words of caution exposing loopholes in the GDPR, or actual reforms for data protection remains to be seen. All eyes will be on the Irish Data Protection Committee and other GDPR enforcing agencies to see if it’s truly effective.  

Download our Mobile App

Vikalp Jain
He is co-founder and President of AEON Learning. Vikalp has been a serial entrepreneur with a keen interest in technology, education, and innovation. Prior to this, Vikalp also co-founded MOZVO, a social movie-rating site and was the CTO of FlipClass. He has completed his BTech from IIT Bombay.

Subscribe to our newsletter

Join our editors every weekday evening as they steer you through the most significant news of the day.
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

Our Upcoming Events

15th June | Bangalore

Future Ready | Lead the AI Era Summit

15th June | Online

Building LLM powered applications using LangChain

17th June | Online

Mastering LangChain: A Hands-on Workshop for Building Generative AI Applications

20th June | Bangalore

Women in Data Science (WiDS) by Intuit India

Jun 23, 2023 | Bangalore

MachineCon 2023 India

26th June | Online

Accelerating inference for every workload with TensorRT

MachineCon 2023 USA

Jul 21, 2023 | New York

Cypher 2023

Oct 11-13, 2023 | Bangalore

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox