If you have been living under a rock for the past 2 years, you may be unaware of the EU General Data Protection Regulation (GDPR), a replacement for the current EU data protection directive. This is of course a very Euro-centric (and yes sorry, a slightly antagonistic) viewpoint, but we hope that you will bear with us, because we believe that the GDPR may serve as an excellent model for citizen data rights across the world.

At its core, GDPR acts to harmonise the different data privacy laws used across Europe and intends to strengthen data protection and privacy for individuals within the European Union. GDPR revises the roles, rights and obligations between those using your data (data controllers) and you (data subjects). Organizations not respecting the new rules can be fined up to 4% of their annual worldwide turnover, so the pressure is on to comply, and the regulations should not be taken lightly.

We are approaching GDPR D-Day. In May 2018 companies will have to apply this new regulation within their organization, causing enterprise-wide impact on how they must work in the future.

The idea is to bring back privacy. If you have personal data* in your organization, and the chances are that you have, you are obliged to apply a lot of complex rules which:

Ensure protection of the data

Give you the right to process it

Ensure that data is removed from your organisation upon request.

This is a significant burden, but let’s not focus on the organization. After all, the regulation was made to protect you and me, the regular user. Clearly, there is little convenience in this matter when looking from a commercial organization’s perspective, and this surely is the intent.

When looking deeper into the reason why this legislation has come into force, we must consider the increasing number of “free” services on the Internet, and the fact that our privacy has become a currency. As a society we have readily given up our privacy, in return for “free” and convenient services such as email, easy transportation and social networks. Rather than monetise these services directly, a significant amount of income is derived from the sale of your personal data, sometimes with unpalatable results.

Many had little choice but to accept this “deal with the Devil”. Either you agree to these terms and can use the “free” service, or you don’t and are excluded from the social groups that congregate within these services.