What is GDPR?

GDPR or General Data Protection Regulation is a legislation to secure the rights of the consumers. Its approval was taken in 2016. The European companies nailed on it two years ago. Now, it’s likely to come into effect from May 2018.

Earlier, the Data Protection Directive was in the mainstream. But, several hoops appeared in it to jump through. The 28-nation European Union cluster nodded to implement the GDPR now.   

However, FB’s owner Mark Zuckerberg has clearly clarified Reuters that he abides by the EU law. He agreed over protecting the data of users in the European countries. But simultaneously, he denied providing a guaranteed implementation of the same legislation in the non-EU countries. 

How does it impact?
1. Broaden Authority: The data policy will cover up all companies that deal with the personal data of the EU citizens. Be it a data processing, market research or data mining company, this data science based law would be applied over all these company. The logic is simple. All these companies dig out personal data mostly.  Therefore, the arena of this law covers all these ones.

2. Unleash Penalty: The companies whose forte is to research over the personal data, they create a fool’s paradise for data owners. In the Cambridge Analytica case, Kogan took monitory benefit out of selling the personal data of his 27,00,000 downloaders (of the app ‘thisisyourdigitallife’). However, he took consent of the users to use their data. That was a licit move. But when he handed those datasets to the third party, he breached the confidentiality as well as the privacy policy.

Now, this norm would slap such culprit companies with the penalty of 20 million Euros. Alternatively, this sum can be scrolled up to 4 percent of their annual turnover. This step would significantly harm the boost of that foretold malicious breach.

3. Consent from data subjects: This policy strongly implicates for taking the consent of the data subjects. The data subjects are the beings with whom the personal data relate. It can be you or I, if our data is mined out for fulfilling any commercial motive.

Many companies or organizations make an individual a fool by playing with words. Therefore, this law mandates defining consent in an easy-to-understand manner. At the same time, the purpose must be clearly stated. It accessibility must be seamless.

Also, if the data subject wants to take a rear step or reverse his/her decision that must be possible.

4. Breach Notification: This policy resonates with the notification of the data breach. Let’s recall the privacy policy violation by Uber. It left 57 million users’ data in the open online. If such kind of ignorance occurs, this policy strictly reinstates to report about it within 72 hours of its revelation. The data processors must disclose this fact to the data subjects without any delay. 

5. Consumer Rights: If the data subject is willing to move the data from one data vendor or researcher to another or wants to delete, he/she would have right to do so. Moreover, he/she would be delivered the copy of his/her data. Also, the subjects can ask to disclose how their data would be used explicitly. It is known as the right to forgotten or data Erasure.

6. Security is must: The data user must give a prior thought to the security. Seconding that thought is not permissible. Therefore, the data must be confined in a highly secure system.

7. Protection for Kids:  This clause is configured while keeping the immaturity of kids in mind. They are unaware of the risks bound to the vulnerability of their data. Hence, the parental consent would be must for extracting the data of the kids under 16.

Benefits of GDPR: This data policy of the data science is favourable for the users/ data subjects. A thorough and explicit study occurred before its formulation. The data chunks are the engines of the business intelligence. Thereby, the ills would surely spike up in case no strong data policy would be there. Therefore, the data subjects have given a remote control to proactively advocate and harness their rights.

Data Protection: 
The protection of users’ sensitive data is a hot topic. The GDPR compliant companies must handle their consumers’ data with intensive care. The consumers must have crystal clear picture of how they control, monitor, check and delete their sensitive details. This is how a protective layer can be made and maintained. How this layer would be created-catch it below:

1. By Pseudonymization: It is a method of substituting identifiable data with a reversible & consistent value. By providing one or more artificial identifiers, the data can be secured.   
Let’s say, we replace the email Id [email protected] with pseudo mymymy0HoT1MoM.  It is just like tokenization.

2. By Anonymization: This method is a destructive method. If the data are purposely used after taking the consent of the data subject, it can be permanently destroyed or encrypted. The encryption is the best way to make it happened. It is a process of converting the readable data into incomprehensible codes. The way to unlock that code is defined in the private and public key.

This is how the data mining organizations or research companies must provide additional information to decode the data. The private & public keys are the best provisions to convert it into legible format. It would be an obstacle for hackers to get an easy access to the private information.