The Irish Times view on GDPR: bigger than Beyoncé

The new EU data legislation will give people significant new protections

With companies like Facebook and Microsoft pledging to offer GDPR-level protections to all worldwide customers, the signs are that GDPR will function as a long-needed, if imperfect, global redress to what has been a data-grab free for all. Photograph:  Nicolas Asfouri/AFP/Getty Images

With companies like Facebook and Microsoft pledging to offer GDPR-level protections to all worldwide customers, the signs are that GDPR will function as a long-needed, if imperfect, global redress to what has been a data-grab free for all. Photograph: Nicolas Asfouri/AFP/Getty Images

 

The General Data Protection Regulation (GDPR), which comes into effect today, is hands down the best-known piece of legislation to come out of the European Union in years. By the start of this week, Google searches on GDPR had surpassed those for Beyoncé.

No doubt that’s in part because of all the GDPR marketing consent emails popping up in everyone’s inbox. But those emails are just advance outriders for one small element of this sweeping privacy and data protection regulation.

The GDPR gives the data of anyone in the EU, citizen or visitor, significant new protections. People now have clearly specified rights to data protection, especially for sensitive data pertaining to “physical, physiological, genetic, mental, economic, cultural or social identity”. Children’s data – in Ireland, anyone under 16 – has extra protections.

All of us now have the right to ask organisations to reveal the data held about us, and they must be far more transparent in how and why they are gathering that data in the first place.

To comply with meeting these new individual rights, organisations face stringent new obligations on collecting, utilising and protecting data. In particular, data breaches must be reported to data protection authorities within 72 hours, and individual victims must also be notified if the breach could cause them personal damage.

Organisations worldwide can be fined up to €20 million, or 4 per cent of annual worldwide turnover, whichever is the greater. This is a critical element. Past data protection legislation lacked such mind-focusing punishments.

And that is why the international business world is paying attention, especially US technology companies. For some with high turnover but little profit, a fine could wipe them out. It will take time to iron out exactly how GDPR will operate in real-world application. But with companies such as Facebook and Microsoft pledging to offer GDPR-level protections to all worldwide customers, the signs are that GDPR will function as a long-needed, if imperfect, global redress to what has been a data-grab free-for-all.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.