
The Origins of GDPR
Technology has transformed everyone’s life in ways one could never have imagined. It has been able to elevate businesses to a global level. Technology has equipped even a small business to transcend geographies and gain access to customers from all corners of the world while competing with global businesses operating in its space.
Over the last 25 years, the internet has evolved from its infancy to become the backbone of everyone’s life, which is true for customers and businesses alike. The advent of social media has provided a common platform for both, while transforming the way businesses are operated. Over the years, businesses have been able to use social media to market their products/services and reach out to their customers. While it has been advantageous for both, it has made it challenging for customers to retain their privacy and for businesses to maintain the confidentiality of their customers.
In all earnestness, the EU adopted a comprehensive and all-encompassing General Data Protection Regulation (GDPR) in 2016, an upgrade from its earlier 1995 Data Protection Directive. It is aimed at protecting the privacy of all EU residents whose personal data is used online for various purposes, including business. Adopted in 2016, it was fully implemented in every member country of the EU in May 2018.
How will GDPR impact businesses?
The implementation of GDPR will have far-reaching effects beyond the EU shores. Every country engaging in business with the EU will have to adhere to this new regulation. The legislation will apply to every business whose data processing entails the offering of goods and services to EU residents or the monitoring of their online behavior for internet-based marketing/business within the EU. Under GDPR, businesses can no longer send an email to their prospects or drop cookies without informing the prospects unambiguously and receiving their clear permission.
Apart from holding businesses accountable, the GDPR binds them to specific conditions that will help protect EU residents in the ways specified below:
1) Lawfulness, fairness and transparency:
to process data lawfully, fairly and in a transparent manner;
2) Purpose limitation:
collect data for specified, explicit and legitimate purposes and not process it further (except for purposes of public interest, scientific or historical research, or statistics) in a manner that is incompatible with those purposes;
3) Data minimization:
collect data that is adequate, relevant and limited in relation to the purposes for which it is processed;
4) Accuracy:
maintain accurate and up-to-date data, and erase or rectify inaccurate data without delay;
5) Storage limitation:
store data for no longer than is necessary for the purposes for which it is processed (except for purposes of public interest, scientific or historical research, or statistics), safeguarding the rights and freedoms of the individual;
6) Integrity & confidentiality:
using appropriate technical or organizational measures, maintain the integrity and confidentiality of personal data against unauthorized/unlawful processing and against accidental loss/destruction/damage.