Without trust, no trade. That was true in the days of exchange, became more true once money took over as a substitute for exchange, and is even more true in our digital world. We are moving away from physical exchange towards an invisible marketplace where buyer and seller never meet and use digital means to seal the deal. If ever you needed trust to seal a deal, you need it now. But how do we trust someone we have never met? This brings us back to the very foundation of trust and how we are able to build it.
In fact, trust applies to all kinds of exchange relations. In a business environment, examples are buyer and seller, vendor and purchaser, employee and employer. In all of them trust is vital, and rules of engagement are needed to help us build it. “Don’t do to others what you don’t want them to do to you” is a well-known, long-lived example. A modern-day illustration of such a rule of engagement would be: personal data provided by a customer while purchasing a product shall not be used for any other purpose (i.e. purpose limitation). Or: personal data provided by a job applicant shall not be stored indefinitely (i.e. storage limitation) nor used later on during an appraisal (i.e. purpose limitation). And given our digital world, you can imagine that these rules need to be able to cross national borders and national legislation. It is exactly this that made the EU realize it needs new rules, and needs them to be a single standard across the EU, so as to keep levels of trust high and keep EU citizens safe from personal data breaches. General Data Protection Regulation (GDPR) is the term the EU adopted for this new set of rules.
The GDPR is a comprehensive regulation that unifies data protection in all EU countries. It will directly apply in all EU member states from 25 May 2018. The GDPR has a very broad territorial scope and will apply to any organization that manages the personal data of individuals who are based in the EU, regardless of where the organization is registered. Non-compliance leads to severe consequences: fines may amount to a maximum of EUR 20 million, or 4% of global annual turnover. The GDPR requires organizations to implement reasonable data protection measures to protect the personal data of consumers, employees, vendors or suppliers against data loss or exposure. To achieve that goal, the law expects companies to have several data protection principles in place to make sure personal data is handled properly.