We are living in an era where key aspects of our lives revolve around data held about us. The tracking of this data either online or offline results in the increase of threats like pharming, phishing, and usage of data by third-party users (as in Cloud computing) or data brokers. Data is also susceptible to virus or worm attacks, political or social manipulation, and improper data profiling. To fight back against these threats, one should work with ethics on big data, personal data security, and privacy of data.
Growth and advancement in technology have captured the world like a web, where no individual is left uncaught.
Collecting and analyzing credit card details and personal information like name, address, etc. has led to a tremendous increase in data that is stored and utilized for malicious reasons and monetary gain. Therefore, protection of data from unauthorized or unfamiliar access and avoiding data breaches form a major concern for all businesses and services operating all over the globe.
The General Data Protection Regulation (GDPR) is an important change in the history of data privacy regulation, treating the privacy of data as a valuable asset to protect and not to sell across different sectors. The regulation does not govern data that is processed by an individual for purely personal reasons, or activities carried out in a personal space such as the home, without any connection to a professional or commercial activity. An example is inviting friends to a party by email using a private address book.
GDPR-General Data Protection Regulation and its need
GDPR is a European Union (EU) regulation that governs the personal information of customers by strengthening their rights to control, check, monitor, and delete information that is related to them.
Thus, GDPR is needed to ensure the protection and privacy of personal data over the web.
History behind GDPR
Before the implementation of GDPR, data protection rules were first created across Europe in the 1990s.
In October 1995, Data Protection Directive 95/46/EC was created to regulate the transfer of personal data and to harmonize data protection laws. In January 2012, an initial proposal for updating data protection regulation was made by the European Commission. In 2016, the European Parliament and the Council of the European Union adopted GDPR after 4 years of discussion, which started in 2014.
After a post-adoption grace period of 2 years, GDPR became fully enforceable on 25 May 2018, replacing the Data Protection Act.
Who’s covered under GDPR compliance requirements?
GDPR applies to-
• All organizations holding, storing, and processing personal data of EU residents in any form (biographical information, workplace data, health, etc.), regardless of the geographic location of the organization.
• Organizations that offer goods or services to EU residents, irrespective of their location (within or outside EU boundaries).
• Companies having more than 250 employees.
• Companies having fewer than 250 employees, if their data processing includes certain types of personal data.
What are key policies to protect customers?
A major focus of GDPR is to have-
• Clearer, concise, simplified, and strengthened conditions for consent from data subjects; withdrawing or reversing consent should be just as easy.
• Compulsory breach notification: any data breach that may put the rights and freedoms of individuals at risk must be reported within 72 hours of its discovery. Data processors are also required to inform their customers.
• Specific protection for children: for those under the age of 16, parental consent must be given on their behalf to opt into data collection.
• Heavy penalties of 4% of global revenue or 20 million euro for serious violations, such as a violation of core privacy. A few infractions are less expensive but still carry a heavy penalty.
• To uphold the basic foundation of “privacy by design” and “privacy by default”, systems and processes must be built with the protection of data in mind.
• The ‘right to be forgotten’, also called ‘Data Erasure’, allows the data subject to request erasure of personal data from the controlling entity. The company should give access to, and a copy of, your data on request. Data Portability allows customers to transfer their data from one service provider to another.
• Appointment of a Data Protection Officer by data controllers (who determine the means and purpose of processing personal data) and data processors (any person who processes data on behalf of a data controller). The officer's main role is to keep track of all processing activities performed by the organization that involve personal data, and to advise and assist the processor regarding GDPR compliance.
Impact of GDPR on Europe
The immediate effect of GDPR was seen when a complaint was received within forty-eight minutes of enforcement against US tech companies and social media companies for carrying out unsaid privacy violations, thus strengthening customers' right to protection against misuse of personal data.
Businesses continued to serve their customers, send them emails, and collect and store their data on a lawful basis, respecting the privacy of people and of those who want to have their data deleted, as the level of awareness among the general public has changed. But for some small businesses, the cost of making the business compliant with the new rules and regulations was quite unbearable, which in turn led to cutting down on the services offered to European customers compared to other parts of the globe.
The firm Ezoic conducted research and found that ad rates have dropped in Europe since May 25.
According to a report from the Reuters Institute for the Study of Journalism, the average use of third-party cookies per page across Europe has dropped 22 percent, resulting in a better user experience and faster loading of websites. Some marketing experts whose organizations are GDPR compliant were surprised to find that customers are more receptive towards advertisements, having developed trust and loyalty with the organization.
Impact of GDPR on the USA
With the enforcement of GDPR, US-based social network giant Facebook reported a decline of about millions of MAUs (monthly average users) and less impact on DAUs (daily average users), as well as a drop in advertising revenue growth and active users within Europe. Having a globally connected user base, Facebook asked users to review their privacy settings and whether advertisers can target them based on religious and political views or their sexual orientation. Google changed its privacy policies to make them more user-friendly and worked with a team of experts to follow GDPR policies. Apple shared details with customers on the type of personal data it holds on them and introduced a service for EU countries (later, all over the globe) which allows a customer to see data ranging from sign-in history to photos, documents, contacts, etc., and to control that data by correcting or deleting information or deactivating their account. It is easy for Big Tech giants to comply with the new rule, but small and medium-sized businesses that were less prepared were impacted on the grounds of budget.
Many US sites have continued to block European visitors after GDPR came into effect. After GDPR, the US state of California also proposed to give its consumers control over data: starting January 1, 2020, Californians can also determine what data, if any, is collected, sold, or shared with third parties.
Impact of GDPR on India
In India, on 27 July, an Indian government committee released the Personal Data Protection Bill of 2018, based on the ruling by the Indian Supreme Court that every individual has the right to data privacy. Job opportunities in cybersecurity have also increased in cities like Bangalore, Mumbai, and the National Capital Region, which are home to a majority of IT startups and multinational companies. GDPR opened doors of opportunity for Indian companies to strengthen business with Europe.
Ethics of working with Big Data
Ethics, or simple honesty, differentiates right and wrong behavior within a society. In today’s data-driven world, business plays an integral part in society and organizations find it difficult to maintain profits and revenues. Data Ethics, or Big Data Ethics, can be defined as the study and evaluation of moral problems related to the collection, generation, processing, sharing, and usage of data, particularly personal data. For example, in the retail industry, big data technologies are used to suggest items, give attractive coupons, and improve store layout based on customer movement. But tracking the movements or shopping habits of customers, saving card details, sending invalid offers, and other cyber crimes like bullying, hacking, etc. raise questions related to the privacy of an individual, the degree of transparency in the usage of customers' data, and control over voluminous data. The following principles are defined to form a big data ethics framework for both individuals and organizations-
• Ownership-Most of the personal data describing individuals, like GPS location, genome data, financial transactions, etc., is collected using internet services. Thus, ownership involves determining who owns a digital identity, who owns data, whether rights can be transferred, and what the obligations are of people who generate and use that data.
GDPR indicates that individuals own their data.
• Privacy-Understanding, in the context of privacy, what data to share, with whom, for what purpose, and when. For example, sharing your medical history with a doctor with the intent of improving your health is ethically sound, and the doctor revealing the same patient’s medical history to another doctor for a second opinion is also ethically sound, but sharing that medical history with an agency with the intent of marketing sounds unethical. GDPR gives the right to access and the right to be forgotten to protect individuals' privacy.
• Identity and Consent-An individual maintains an identity online and offline, which gives big data the ability to analyze (aggregate, summarize, etc.) various aspects of our identity without our participation. Thus, consent for using one’s data plays an important role. The GDPR policy of keeping consent clear, concise, and easy to understand allows an individual or legal entity to use one’s data only with that person's knowledge and consent.
• Transaction Transparency and Openness-It is the right of an individual to know how one's personal data is going to be used, what the purpose of collection is, and how long it will be stored. Thus, open or aggregated datasets should be freely available for accountability and transparency. GDPR gives an individual the right to access and obtain his data from an organization.
• Reputation-Since an individual maintains an offline and an online identity, big data provides chances to form an opinion about what kind of person you are, even without interacting personally with the person, which might affect one’s reputation. GDPR ensures that this is protected.
Collecting and aggregating only the required data, identifying and scrubbing personal data, complying with all laws related to personal data, having a plan stating important information, and allowing users to choose the data they are willing to share (privacy settings) are a few ways in which companies can collect and analyze data in an ethical manner without putting the safety and privacy of users at stake.
Authorization, Authentication, Administration, Audit, and Data Protection form the pillars of security for data being controlled over the web. According to GDPR, organizations must ensure data accuracy and integrity by granting a right to access and correction, minimize exposure of individuals’ identity by using pseudonymous or anonymous data, process data only for authorized purposes, and implement data security measures by adopting right to be forgotten protocols. Just as a coin has two faces, so has the impact of GDPR: some for better, some for worse. Organizations are working to implement the changes, and a few have already made the changes and are operating as per the law.
It has been only a few months since the implementation of GDPR, but its consistent implementation will reduce vulnerability to cyber threats, develop customers' loyalty towards organizations on concerns of confidentiality, and increase the overall security of organizations’ data, resulting in a good business plan. Data has been one of the leading drivers of revenue for organizations in all sectors; thus, its ethical usage, keeping in mind both the growth of data science and the privacy, ownership, and identity of individuals and groups, is the responsibility of the organization.
General Data Protection Rules. (2022, Feb 22). Retrieved from https://studymoose.com/general-data-protection-rules-essay