Let’s talk about the most popular term now, GDPR.
The General Data Protection Regulation (GDPR) is a regulation in European Union law (EU law) on data protection and privacy, as well as on issues related to the export of personal data, for all individuals in the EU and the European Economic Area. GDPR primarily focuses on giving control of personal data to the citizens; it also simplifies international business regulations by unifying this regulation across the entire EU. GDPR was adopted in April 2016 and came into practice from 25th of May 2018 onward.
GDPR will make companies depersonalize Personally Identifiable Information (PII) so that it cannot be used to identify a specific person. This will lead organizations to do somewhat generalized analysis (such as average ratios) for business purposes (market analysis, performance analysis, predictive analysis, etc.).
The two categories to which GDPR applies are data controllers and data providers. Data providers process personal data on behalf of a controller. Companies doing payroll processing or market research, cloud providers, etc. are generally data providers. Data providers need to maintain proper records of personal data and the processing done on it, because they have legal liability in case of a data breach. GDPR applies to two types of data: personal data (such as name, location, online identifiers, etc.) and sensitive personal data (such as ethnicity, political views, genetic information, health information, etc.).
As per statistics, quintillions of bytes of data are handled daily by IT companies worldwide. Since the amount of data involved is huge, GDPR has been seen as an expensive regulation that can affect the way the IT industry operates in a big way. Since the IT industry uses personal data for business development purposes, it may find it difficult to meet some of the GDPR guidelines, like the following:
- Option to give/change/delete the documented personal data at the request of the individual concerned.
- Option for the end user to download and take away their data; this will increase risk because the data can then be given to competitors.
- Hiring Data Protection Officers, which increases cost.
- Identifying and reporting data breaches (if any) within 72 hours.
All of this makes it pretty clear that this regulation has many effects beyond the financial services industry, where sensitive personal data has been used for business purposes. GDPR affects all those who sell goods/services to, or deal with people/company data in, the EU, who operate a website with cookies to monitor people from the EU, or who employ someone from the EU.