How the Road May Lead Us through GDPR- General Data Protection Regulation

Articles/makaleler - Academic

  /   993   /   19 June 2018, Tuesday

How the Road May Lead Us through GDPR- General Data Protection Regulation - Cigdem Yorgancioglu



How the Road May Lead Us through GDPR- General Data Protection Regulation 

Cigdem Yorgancioglu

18 June 2018


The GDPR a new landmark privacy regulation that applies as of May 25th, 2018, is being called the world's stringent data privacy law and it aims to expand and unify data protection rights of individuals in the EU, is envisioned to harmonize data privacy laws across Europe, protect EU citizens’ data privacy, and redesign the way organizations across the region approach data privacy.  The GDPR is a local law that manages and rules the collection, use and revelation of personal data by all private organizations,- utilize extra-territorial reach and are overtly elongated to those who may not have any presence in their relevant markets. So GDPR sketches how EU residents’ data must be handled, comprising in countries outside the Union. In the digital age where faith is intricately related to how data is shared and stored, such regulations, i.e. GDPR here,  indicative signal to consumers that it is gentle to engage and share data with organizations. Actually the data control ,data security, privacy rights, and governance are the four legs or pillars  of GDPR legislation, which applies to all corporations that collect and process data belonging to European Union (EU) citizens, though this is done outdoor of the EU.  Debate around the GDPR frequently ceases at the fines. More consideration should be given to how the GDPR may build and enhance trust, advance data governance, make consumers keener to share their data, make consent comprehensible and enable completely new classes of services.  GDPR purposes to give users back control over their personal data. Conforming to the GDPR is adequate for evading fines. Nonetheless, the GDPR will also redraft the guidelines and rules for data-driven business, and redefine customer centricity. To properly acclimatize, corporations need to embrace the fact that the individual will controls their data.

 Overwhelmingly after May 25th, 2018, businesses that are not in compliance with GDPR’s requirement  are in a state of being faced large fines up to 4 percent of a company’s annual global revenue OR €20 million (whichever is greater). This is sufficient motive to cause wide-spread alarm among businesses around the world.  So comprehending what is required by GDPR and the spirit of the law became imperative. One of the fundamental elements of GDPR is a prerequisite for corporations to issue notices of data breaches within 72 hours of becoming aware of them. If the breach in question poses a high-risk to the persons involved, then companies must also notify those affected as soon as possible. It is also possible to breach the GDPR outside of having an actual data loss, so being compliant is extremely significant.


The technology has considerably transformed every aspect of life and business in the last decades so as the Language. The “right to be forgotten” has come into the English language as an expression that reverberates in an era where we are all endangered to having our particulars stored online whether we are willing them to be or not, and irrespective of whether we have a broadband connection, computer or telephone since the Article 17 of GDPR permits individuals to demand personal data be deleted.   Through the “right to be forgotten" and the right to be informed, GDPR give individuals more rights over their personal data. According to Regulators the rules will harmonize data privacy laws across the EU and render a template prototype for other countries watching to protect individuals' personal data.

From now on if you collect personal data from an EU resident, then you must get explicit consent that is explicit and unambiguous. Accordingly, you cannot just send unsolicited emails to individuals who gave you their business card or filled out your website contact form because they did not opt-in for your marketing newsletter which is called SPAM and you shouldn’t be exploit that anyways. So Explicit Consent is will be very significant in this regard.


As GDPR requires Data Protection Officers (DPOs) to be engaged to be accountable to the ruling authorities, new jobs come into stage as well.  The DPO who  act as third-party contracting on behalf of the data controller  and will need to be able to access IT systems and have a solid knowledge of data laws. This could grow into a flourishing role as in larger companies the DPO will often be a dedicated job with a backup team attached. Among minor companies it might fall into the remit of an individual employed in another department: staff working within legal departments at organizations will be an apparent possibility. Furthermore IT department seems well matched to DPO task as well since some technical proficiency will be essential to protect and oversee data. Plus, IT Divisions certainly have sophisticated GDPR readiness programmer and implement added practices, protections and safeguards.

New questions popped out. How to make a WordPress site GDPR compliant? [i]The platform for mobile payments and transactions are already established. Digital literacy and skills are roaring through the society.   In the age of fiber connectivity, emphasize the role of the digital economy, Industry 4.0 as a new driver of progress, should be discussed how to build its foundations, and observed at the risks of being left behind.  Data privacy authorities are on alarm for security breaches. Think tanks, thought leaders, digital entrepreneurs and development partners all are either focus on the issue with dedicated effort or chewing the words related to GDPR. Track how files are shared will be a vital issue.  IT divisions shall provide two-factor or multi-factor authentication tools for secure access. To spread the security used in mobile  own apps to shelter key custom and 3rd party applications from being inhibited with, and permits for secure sharing of data between apps and users. Software will deliver encryption within every proposing, providing data protection across networks, on devices, around apps, and within files. Predominantly pertinent for GDPR, the desired devices shall provide encryption in transit, in usage, and at stand-by, roles-based controls and remote access tools so that in the event of devices being lost or stolen, data can be wiped or recovered. Enhanced application and tools will help you define critical GDPR expansion points in your application design, advice you on how to secure the processing workflow of this privacy data and how to diminish the privacy data footmark without giving up the usability of your application or service.

Data as intellectual property is at the fundamental core of the whole thing your company does: your customer records, your revenue.  Any breach in confidentiality surely costs much more than just fixing outages and spoiled systems. In this connotation, building a robust security posture can help protect your reputation. Organizations must guarantee that they provide the “right to erasure” that is to say; the capability to erase information on individuals on demand. One of the foremost elements is that GDPR demands clear consent, means, data held on subjects must merely be used for the purpose agreed. The definition of that data is very wide-ranging and can include not just names, ID info’s, addresses, e-mails and telephone numbers, but also pictures, social media updates, and IP addresses. Meanwhile, there are few exceptions where the right to erasure can be denied, mostly to do with freedom of expression, legal claims.  Research in the public interest is exception as well , but GDPR usually mandates that data controllers must comply with the right to erasure and make best efforts to share notification of erasure processes with.


Today, the development of Accelerated Mobile Pages (AMP) component allowing publishers to acquire user consent is underway and accepting comments. As the issues adjoining GDPR consent and compliance are complex comprising obtaining per-usage consent such as publisher’s prerequisite to acquire single consent for users being tracked for both first-party and third-party purposes, the players are encouraging publishers and vendors to participate in the component’s development so that support will be accessible for as much integration as possible. They particularly note present support within AMP for these types of features and state that user consent may need to be obtained before loading them.

Collecting data and querying it has made the prosperities of gigantic multinational technology  web bodies  such as Google LLC  and Facebook  Inc. but nearly any organization today will be sitting on customer data, employee data, data on prospects in addition other personally identifiable information (PII). And the challenge is that as data has risen in value we have seen a parallel correlation in attacks and threats intended to steal data. Data in the web epoch is used to market to us based on our search histories, inclinations transactions, and interests. Organizations may also mine data for defensive purposes, neural activities to predict behavior that is symptomatic of fraud or other criminal behavior.

GDPR will have a pungent effect on the way that organizations cope with the data of customers, employees and others. Organizations of all sizes need to initiate planning now to put processes in place. Businesses will need to prove that they are conforming to GDPR and this means submitting wide-ranging business records. It is not sufficient to simply comply with the new GDPR; Companies must be able to prove they are undertaking so. Under GDPR’s requirement for accountability, records should be sustained and reflect processing activities such as customer data processing activities and how consents are obtained.

To get rid of your anti-virus for cyber security is must. Nonetheless, detect, surround, and remediate advanced threats though they escape front-line barricades is not sufficient. Malware protection for endpoints is unavoidable. That’s not enough either. Today we talk about the features to be launched comprise the capability to show options in user interface notices via “accept” and “reject” semantics, and configuration of AMP element manners in response to users’ choices.. To be compliant with the regulation, organizations will need to assign Data Protection Officers who can be either an internal or external individual accountable for compliance. They will also have to review processes and create action plans and provisions or else risk the wrath of regulators that now have the ability to impose those massive penalties.

New business opportunities are in horizon. The companies will come into emerge to deliver GDPR Consultancy. They will act in your name and on your behalf in the whole EU for GDPR purposes while managing requests from individuals in the EU concerning their rights under the GDPR. They will answer your queries and keep you informed on GDPR matters that can impact your non-EU business. Such companies shall liaise and cooperate with the GDPR Supervisory Authorities, including in the event of data breaches. The General Data Protection Regulation (GDPR) provides individuals with augmented control over how their personal data is collected and used online, nonetheless more can and should be completed to safeguard that individuals are able to take back control of their online identities,  GDPR is already enhancing the security and e-identity sector. An utterly new class of services made probable by the GDPR is Personal Information Management Systems (PIMS). PIMS are technologies that provide individuals a singular view over their agreements with numerous different service providers, and what personal data they are sharing with whom. From here, individuals can give consent, delete data and transfer data.  New prospects maybe in horizon in this regard too. The platform might be used for individuals to attain new services, as well as for companies to touch to new customers. Such a platform would also lead to new opportunities within data aggregation, cognitive technologies, and data-driven services. Personal Information Management Systems mentioned here (or PIMS) are systems that help contribute individual’s additional control over their personal data. PIMS allow individuals to manage their personal data in secure, local or online storage systems and share them when and with whom they choose.  Providers of online services and advertisers will need to interact with the PIMS if they plan to process individuals’ data. This can facilitate a human-centric approach to personal information and innovative business models.[ii]