What Is General Data Protection Regulation (GDPR), That’s Got The World Talking About Europe?
European Union Flag in London.
The GDPR (General Data Protection Regulation) law will be implemented starting May 25, 2018, in Europe. It is a replacement for the 1995 Data Protection Directive. The Data Protection Directive till now has been used for setting the minimum standards of processing data in European Union. It was quite basic and there was a need to make it more stringent. The GDPR implementation promises to strengthen a number of rights that users will have over companies that rely on their data. Post-GDPR individual users can demand companies like Facebook, Google, WhatsApp to reveal or delete the personal data they hold. This will also be a pan European Union regulation that will help regulators to work in across the EU for the first time. Earlier regulators had to launch separate investigations in each jurisdiction. This most of the time gave companies loopholes to exploit and the enforcement of these regulations was tough. The minimum fine upon breaching GDPR is also reaching as high as 20 million euros or 4% of the companies global turnover. This is harsh for many companies and tech startups and will ensure that individual data protection compliance is kept at the highest priority by these companies.What All Companies Are Covered Under GDPR?
In effect from May 25, GDPR will almost affect every company that you can think of. The biggest to take a hit would be companies that hold or process large amounts of consumer data. These will include your e-commerce websites like Amazon, tech companies like Facebook, Twitter, Google and even firms, marketers, data brokers and social farms that work for other companies for acquiring or processing consumer data. With huge sums of data, even complying with basic requirements of the GDPR will pose a huge task for many companies. Many companies right now don’t have or have even implemented the tools for collating all the individual data that they hold on a user. This makes it a massive cleanup or reorganising of data for these companies.
With GDPR in place, users will have the power to hold many of these companies accountable for how they are using your personal data. This also makes the users way more powerful in front of many companies that play on big data analytics. Users can choose to have data blockers or even delete their data from many online apps, services and sites. They can also, at any time, choose to request their data from these companies and also choose to give or not give consent. So in effect, the users will be more powerful than the companies and the big data crunching companies will have to take its users seriously.What Happens to my Old Data?
The information commissioners across the EU have your back. The new powers given to them post GDPR, companies will have to be very cautious about using your old data. This is also in a way bad for the startup ecosystem as many new startups might struggle to persuade users for their consent on personal data. For big companies, this might not be as much as a problem.
Will GDPR Work?
Like every law worldwide there are always loopholes that these companies can and will find in the upcoming months and years. But, considering what we had earlier in terms of data protection of users and GDPR, this is a massive upgrade in terms of data privacy laws. In the coming months, we won’t be shocked to see many lawsuits between companies and users, and even between companies that do business together.
What About Indian Users?
Right now, starting May 25 the GDPR applies only to the European Union. Indian users will not come under this as for now. Also, for many global tech giants like Facebook, Microsoft, Apple etc this is a massive Public Relations opportunity. Most of these companies in terms of usage and privacy policies are global. That’s one of the reasons why you must be seeing so may updates and permissions pop up every week when you open your Facebook App or even WhatsApp. They have included compliances that are mentioned in the GDPR but with a clause that it may differ from other jurisdictions, like in India, GDPR will hold very less significance as compared to what it holds in the European Union.
What Should India Learn From GDPR?
The GDPR is a very proactive step by European regulators when it comes to protecting individual data from big companies that thrive on user data for profits. India is the second most populated country in the world with an estimated 500 million users by June 2018. These 500 million people are still young to the concept of privacy and data, which makes the Indian market a soft target for big tech giants when it comes to exploiting user data. GDPR can be a blueprint to be used by the Indian regulators and lawmakers to safeguard the data of many Indian who love to use apps like Facebook, Twitter, Snapchat and even swipe those candies on their phones.