GDPR: an acronym that spawns raised eyebrows and yawns in equal measure. And it’s understandable that people respond this way, to a certain extent, particularly if they aren’t aware of why it’s come to be. But what isn’t up for debate is that as a piece of legislation it is already starting to have a far-reaching impact, and it’s here to stay. So for those who haven’t yet embraced it, let’s understand how we got here.
As a quick intro, what is GDPR?
The General Data Protection Regulation (GDPR) is a piece of legislation through which the European Commission aims to strengthen and unify data protection for individuals within the EU. It’s something quite special, in that its reach is not limited to the EU, but is instead global. Any entity that holds the personal data of an EU citizen has to adhere to GDPR. It really is that simple.
So how did we get to this point?
As is often the case with legislation, it’s been an evolutionary process. Even as far back as the 1950s, issues regarding personal information were coming to the fore.
First off, it was with respect to human rights, in that it became recognised that everybody has the right to private and family life. Exceptions to this were acknowledged, of course, mostly with regard to legal constraints, security issues, and criminal activity. But the focus wasn’t specific enough when it came to the collection, storage, and use of personal data. And though a good start had been made, the position was ambiguous.
Computer power kicked in…
The automatic processing of data came under the spotlight next in the 1980s. The main focus for this was to try to catch up with the introduction of computers. In an attempt to tighten things up, the UK introduced the Data Protection Act of 1984. The problem was computing power and how data was collected, used… and shared. The process was constantly one step ahead. Physical borders and geographic boundaries mean nothing in the digital world. And one nation’s legislation didn’t necessarily tie in with another nation’s take on the topic. Discrepancies arose and across the EU there was confusion, disparity, and lots of holes in the net.
A first attempt at unification was made…
Up stepped the EU’s Data Protection Directive in 1995, which was a first attempt to address these issues and unify, strengthen, and simplify data protection for all. It set minimum requirements, and tried to solve the problems caused by data crossing borders. One particularly notable success, with regard to data moving outside of the EU, was the US-Europe Safe Harbour Act. This broadly stated that US data protection law was compatible with EU laws. And individual EU countries too rose to the challenge and responded with their own acts, the UK’s being the Data Protection Act 1998.
Still, however, there were discrepancies, and legislation wasn’t evenly applied across borders. Another step in the right direction had been taken, but the useful and positive flow of data across the EU was still inhibited; the wheels of industry continued to regularly grind to a red-tape halt.
Exponential development of Google and the like kicked in…
Facebook, the Internet of Things, and big data gatherers forced a rethink. On 19 May 2009, the European Commission ran a conference dedicated to the subject of personal data, and to examining the new challenges faced by all in a globalised, digital world. From then onwards, ideas were gathered, issues debated, legislation drafted, discussed and amended… many times. And the output from this lengthy process has been GDPR.
And so… we now have it. A regulation that clearly defines what the personal data of an EU citizen is, and ensures it is treated the same wherever it is being collected, used and stored.
The evolution of data protection has been quite a journey so far, and will no doubt have many twists and turns still to come. But the point that we have reached now is an important one. GDPR is not a directive, it is legislation. It’s not a sledgehammer, for it’s been very carefully crafted, but it is a pretty big mallet all the same. And it is most definitely not a flash in the pan, for it’s here to stay. All we can say at this point is embrace it and work with it, people. Doing so will only be for the good of all.