GDPR: Should the “G” mean “Global”?

Photo by Christian Lue on Unsplash

So, what is this “GDPR” thing, anyway?

Since the EU General Data Protection Regulation (GDPR) took effect on May 25, 2018, there has been no shortage of media coverage, including news stories, blogs, and memes, and most, if not all, of us have been fed a steady diet of updates.

Pop-ups, emails, boxes to check, buttons to click, and any other method of getting the news out about the change have taken over our digital displays. Equally common are confusion, uncertainty, and even a hint of fear. What do we need to know?

Depending on your perspective, you’re informed or oblivious or, like most of us, somewhere in the murky middle ground. Some organisations are using GDPR as a call to arms. Some are using it as a sales tool to sell products and services, most of which are helpful but not a silver bullet by any means. Many are simply thinking that this is yet another “European thing” that doesn’t apply to them. Even more are asking the question, “Are You GDPR Ready?” without even knowing the answer themselves, but it’s probably safe to say, “No, we’re not ready.”

While it sounds like old news, like many aspects of technology, we are behind the curve. And for those of you clinging onto Windows XP and Windows 7, I’m looking at you.

Who does the GDPR apply to?

Let’s see. There is Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, (and I’m really not sure about the United Kingdom since Brexit) for starters. Oh yes. I nearly forgot. THE REST OF THE WORLD!

You’re asking what I, as a lowly blogger in Australia, need to concern myself with when it comes to the GDPR? Even if I were on the other side of the planet in the Americas, I would still need to be concerned or, at the very least, aware. For example, the contact form on this website asks for your email address, your name, and some notes, which very well may fall under the GDPR if it concerns someone from the EU. Considering I have global readers, it’s a very real possibility. I may have the personal data, even if just a name and email address, of an EU resident.

There are a few things I have learned along the way which I will endeavour to share with you. Bear in mind that laws, regulations, and their applicability are ever-evolving.

  • The GDPR grants the European Union (EU) powers to hold organizations and businesses accountable for how they collect, process, and store personal data, which could be YOUR data. It’s not like this came out of the blue and blindsided anyone; businesses and organizations had a two-year heads-up. It had been on the cards since May of 2016, and while there was lots of time to prepare, there is little time left for excuses. Here we are nearly three years later and still lagging behind.

This is just the beginning; not the endgame. The GDPR provides a baseline set of rules that provide a roadmap to more ethical approaches to data collection, retention, and processing. It’s a step forward, but the devil will still be in the details for most businesses, although now perhaps a bit more manageable. New controls, even if they “technically” comply with the GDPR for privacy, won’t help if they are too cumbersome and if organizations won’t comply with the underpinning principles that drove this regulation. Old habits can be hard to break.

Still, we’re fans of the fact it encourages a growing culture of responsible privacy, giving individuals the rights, controls, and choices of how their data is used. GDPR: Don’t fear it; embrace it.

Stay safe out there.

Disclaimer: The thoughts and opinions presented on this blog are my own and not those of any associated third party. The content is provided for general information, educational, and entertainment purposes and does not constitute legal advice or recommendations; it must not be relied upon as such. Appropriate legal advice should be obtained in actual situations. All images, unless otherwise credited, are licensed through ShutterStock.

Originally published at https://www.linkedin.com.

Aspiring CISO. Cyber Entertainer, Writer, and Presenter. Humanity, not machinery. An observer of how we use and abuse technology. Empathetic and altruistic.
