What is GDPR?
GDPR, the General Data Protection Regulation, is legislation to secure the rights
of consumers. It was approved in 2016. The European companies nailed on it two
years ago. Now, it’s likely to come into effect from May 2018.
Earlier, the Data Protection Directive was in force. But it left several hoops
to jump through. The 28-nation European Union has now agreed to implement the
GDPR.
However, Facebook’s owner Mark Zuckerberg has clarified to Reuters that he abides
by the EU law. He agreed to protect the data of users in the European
countries. But at the same time, he declined to guarantee implementation
of the same legislation in non-EU countries.
How does it impact?
1. Broaden Authority: The data policy will cover all companies that
deal with the personal data of EU citizens. Be it a data processing, market
research or data mining company, this data science based law would apply
to all of these companies. The logic is simple. All these companies mostly dig
out personal data. Therefore, the scope of this law covers all of them.
2. Unleash Penalty: Companies whose forte is research on personal data
create a fool’s paradise for data owners. In the Cambridge
Analytica case, Kogan took monetary benefit from selling the personal data of
his 27,00,000 downloaders (of the app ‘thisisyourdigitallife’). However, he took
the consent of the users to use their data. That was a licit move. But when he
handed those datasets to the third party, he breached the confidentiality as
Now, this norm would slap such culprit companies with a penalty of 20 million
Euros. Alternatively, this sum can be scaled up to 4 percent of their annual
turnover. This step would significantly harm the boost of that foretold
3. Consent from data subjects: This policy strongly insists on taking
the consent of the data subjects. The data subjects are the persons to whom the
personal data relate. It can be you or me, if our data is mined to
fulfil any commercial motive.
Many companies or organizations fool individuals by playing with words.
Therefore, this law mandates defining consent in an easy-to-understand manner.
At the same time, the purpose must be clearly stated. Its accessibility must be
Also, if the data subject wants to step back or reverse his/her decision,
that must be possible.
4. Breach Notification: This policy resonates with the notification of the
million users’ data in the open online. If such a lapse occurs, this
policy strictly requires reporting it within 72 hours of its discovery.
The data processors must disclose this fact to the data subjects without any
5. Consumer Rights: If the data subject wishes to move the data from
one data vendor or researcher to another, or wants to delete it, he/she would
have the right to do so. Moreover, he/she would be given a copy of his/her data.
Also, the subjects can ask for an explicit disclosure of how their data would be
used. It is known as the right to be forgotten or data erasure.
6. Security is a must: The data user must give prior thought to
security. Treating it as an afterthought is not permissible. Therefore, the data
must be confined in a highly secure system.
7. Protection for Kids: This clause is framed with the
immaturity of kids in mind. They are unaware of the risks tied to the
vulnerability of their data. Hence, parental consent would be a must for
extracting the data of kids under 16.
Benefits of GDPR: This data policy for data science is favourable for
the users/data subjects. A thorough and explicit study preceded its
formulation. Data chunks are the engines of business intelligence.
The ills would therefore surely spike if there were no strong data policy.
Hence, the data subjects have been given a remote control to proactively
advocate and harness their rights.
The protection of users’ sensitive data is a hot topic. GDPR-compliant
companies must handle their consumers’ data with intensive care. Consumers
must have a crystal-clear picture of how they control, monitor, check and delete
their sensitive details. This is how a protective layer can be made and
maintained. Here is how this layer would be created:
1. By Pseudonymization: It is a method of substituting identifiable data
with a reversible & consistent value. By providing one or more artificial
identifiers, the data can be secured.
Let’s say we replace the email ID [email protected] with the pseudonym
mymymy0HoT1MoM. It is just like tokenization.
2. By Anonymization: This is a destructive method. If the data are
used for a purpose after taking the consent of the data subject, they can be
permanently destroyed or encrypted. Encryption is the best way to make that
happen. It is a process of converting readable data into incomprehensible
codes. The way to unlock that code is defined by the private and public keys.
Data mining organizations or research companies must therefore provide
additional information to decode the data. The private & public keys are the
best means of converting it back into a legible format. This makes it an
obstacle for hackers to get easy access to the private information.
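
An added example, not from the original article, of the pseudonymization
described in item 1: a keyed hash gives each email a consistent token, and a
lookup table held separately makes it reversible. The TokenVault class, its
method names and the sample records are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Hypothetical helper: consistent, reversible pseudonyms for identifiers."""

    def __init__(self, key=None):
        # Secret HMAC key; keep it (and the vault) apart from the pseudonymized data.
        self._key = key or secrets.token_bytes(32)
        # token -> original value: the extra information needed to re-identify.
        self._lookup = {}

    def _token(self, value):
        normalized = value.strip().lower()
        mac = hmac.new(self._key, normalized.encode("utf-8"), hashlib.sha256)
        # Keyed hash: the same input gives the same token, but only under this key.
        return normalized, "tok_" + mac.hexdigest()[:24]

    def pseudonymize(self, value):
        normalized, token = self._token(value)
        self._lookup[token] = normalized
        return token

    def reidentify(self, token):
        # Raises KeyError for unknown or erased tokens.
        return self._lookup[token]

    def erase(self, value):
        # Drop the mapping so the token can no longer be reversed via the vault.
        _, token = self._token(value)
        return self._lookup.pop(token, None) is not None


def pseudonymize_records(records, vault, field="email"):
    """Return copies of the records with `field` replaced by its token."""
    return [{**rec, field: vault.pseudonymize(rec[field])} for rec in records]


# Constructed sample data, not taken from the article.
SAMPLE = [
    {"email": "alice@example.com", "page": "/pricing"},
    {"email": "Alice@Example.com ", "page": "/signup"},
    {"email": "bob@example.com", "page": "/pricing"},
]

if __name__ == "__main__":
    vault = TokenVault()
    for row in pseudonymize_records(SAMPLE, vault):
        print(row)
```

Anyone holding the key can recompute the token for a known email, so the key
needs the same protection as the lookup table.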