Global Data Protection Regulation (GDPR)

Global Data Protection Regulation (GDPR)

May 27, 2018 0 By Xamnation Editor

We all are having account on social media websites like Facebook. Have you ever wondered how these websites detect your buying intention and keep showing you relevant ads? This will goes like this:

  1. Amit (our user) is an active user of facebook , spending approx. 1 hour daily on this popular social media website
  2. Amit is looking to buy a new smartphone. He thought it is a good idea to ask his network on the suggestion. So he posted “ Can anyone recommend me a good phone in range of 10-15k”
  3. Some of this friends share suggestions which Amit likes or comments
  4. Now after 1-2 days, Amit suddenly start seeing his mobile phone ads.

This happened because Amit asked in a post for a recommendation. Even if Amit would not have asked, and have just searched over internet, he will still see ads on mobile phone. This is because Amit, by going to different e-commerce websites (Amazon, Flipkart) has stored his preferences in cookies, which can be picked up by other websites. Websites these days are collecting billions of user data each days to show his tailor made product.

Starting point of Global data protection regulation (GDPR)

In January 2012, European commission thought that their existing data protection law is becoming more and more ineffective due to latest updation in internet technology, with machine learning and Artificial Intelligence (AI) impacting data processing on bigger scale. European commission finalised a series of data protection reform(GDPR is one of them), and they got passed in European parliament  in April 2016.

What triggered global protection regulation (GDPR)

In march 2018, world was rocked by Facebook-Cambridge Analytica scandal, which involves the collection of personally identifiable information of up to 87 million Facebook users. This data was used by politician all over the world to influence voter opinion, and impacted government formation in many countries.

Facebook-Cambridge Analytica scandal forces all European countries to adopt this law, and European Union set May 25 as deadline for this law across Europe

What is Global Data Protection Regulation (GDPR)

Global data protection regulation (GDPR) is a data protection framework which provides a greater power to users who are sharing their data to businesses. This also defines set of rules for companies which are collecting and processing user data. All companies operating in Europe need to be bound by this law, and any data breach will attract a heavy penalty to these businesses. This applies to any type of data collecting from data forms, cookies etc. Each member state of the EU will have its own enforcement mechanism, with one GDPR supervisor per country.

Major points in Global Data Protection Regulation (GDPR)

  1. Definition of personal data has been changed from name, ID , bank details to broader terms involving cookies etc
  2. If someone in the EU wants a company to delete his or her data, send copies of the data, or correct an error in the data, companies have to comply.
  3. EU residents can now object to specific ways companies are using their data. This means that if a company is mining data for gather certain information, user may object, and get his/her data deleted
  4. This new law requires companies to notify users within 72 hours of a data breach
  5. The GDPR requires businesses and organizations to obtain parental consent to process the personal data of children under the age of 16
  6. Residents can make complaints to the governing body in their respective country. There is very strict penalty mechanism with maximum fine for a GDPR violation is 20 million euros or 4 percent of a company’s annual global revenue from the year before, whichever is higher.


All of the companies operating in European Union have compiled to this new changed law. It is for this reason we have been seeing privacy policy changes by almost all of the companies. Although all companies have changed their global data policy, but due to non-availability of proper data protection mechanism, companies will still collect and mines data from Non-EU countries. But, in any case, stricter European laws have shown a path, and remaining world will follow its path sooner or later.