Data Privacy is becoming a huge concern, and governments have started to act on it. GDPR (General data protection regulation) is the first of its kind regulation enacted by the european union, that imposes restrictions on organizations on the way they collect, store, process and distribute data.
The concept is that ownership of individual’s identifiable information remains with the individual. The organization that collects this data for performing certain service is simply a steward of that information, and is responsible for its safekeeping and protection.
Organizations cannot collect more information than what is required for the service that they are offering. They need to get written consent of individuals before collecting individual’s identifiable information. They cannot process this information for activities that are not related to the purpose for which the data was collected. They cannot share this information to anyone unless the service that they are providing requires them to share it.
GDPR is being replicated by all other countries, and while GDPR only levies fines, some other countries might also levy criminal charges. This is a space to watch out for… whether data privacy laws will actually be enforced by nations, or whether we soon figure out that it’s too naive for us to even hope for any kind of privacy in the digital world.