In simple terms, the General Data Protection Regulation forces organisations globally to treat the information they collect about EU citizens they interact with in certain ways. The main reason for this happening is the breaches of data we’ve seen from hacking of large companies like Yahoo, Dropbox, Sony, eBay, Uber, Adobe and others where personal information was stolen yet the companies in some cases took over a year to inform people who’s data had been compromised. The primary goals of the GDPR is for EU residents to be able to know how their data is collected, what data is collected, how it will be used and what will happen if that data is illegally accessed.
Realistically data theft is big business and it will happen to absolutely everyone at some point unless you don’t use the internet and someone has printed this article out for you to read. However, it now means that organisations have to have defined procedures in place and can’t do what they like with your information.
There are a lot of organisations who collect data from what is called ‘data mining’ – a process that involves looking up publicly available information on potential clients – but the biggest way of obtaining data is simply by buying it. There are businesses who specialise in selling data that creates a ready made client list for organisations which now looks like an industry which will become obsolete.
But therein lies a problem.
Previously if you bought something on Ebay, the seller could cheekily add you to their company mailing list but now they can face huge fines for doing so. However, for large corporations like Facebook and Google, the fines are just a cost of doing business and they will probably just pay the fines while continuing to harvest data that they aren’t allowed to. As usual, this creates an environment where small businesses who email someone they shouldn’t will be hit with fines that could shut down their businesses while the companies who are the worst offenders in collecting information about every aspect of your life will simply get away with it and write off the fees as customer acquisition costs. In short, like many EU rules and regulations, the GDPR is a great idea in principle but the application of it will fall far short of where it was intended to.