What is the General Data Protection Regulation (GDPR)?
The GDPR aims to protect personal data and to provide rights to natural persons in the European Union. The regulation applies to controllers (the organisation that is responsible) and to processors (the organisation that holds and processes personal data).
The persons whose data is processed have far-reaching rights under GDPR, like erasure and the right to object to processing. The processers and controllers have a lot more obligations, like documenting all data stores and getting permission to work with the data.
GDPR and the main concerns
is centred around a few very powerful principles, amongst which: lawful processing, transparency and limited to purpose. The last of these principles is embodied by forcing the controller to get explicit consent in context of the purpose, e.g. “I hereby agree that you will sell my data to a third party”.
As a result, organisations have three main concerns working with GDPR:
- (explicit) consent;
- right to be forgotten;
- data portability.
GDPR possibly the biggest challenge to business this decade