Why do we need GDPR?
Why is GDPR important? Why does the Regulation apply to the whole world? Why has it needed?
Consultants of Data Privacy Office have heard these questions many times. Let’s answer them!
Let’s start with question: “Why was the adoption of the GDPR needed?”. Since the advent of the Internet of Things and the entry into force of the Regulation, the realities of life have changed a lot. Millions of terabytes of personal data have become publicly available online. People stopped feeling safe. Hundreds, if not even thousands, of companies have become hunted for people, their daily choices, preferences and personal data.
And in this hunt, large companies have a rule that the winner is the one, who received most of the possible personal information and manipulates the consciousness, fears, desires, and needs of people as effectively as possible. Those who refuse to do this, including for moral reasons, risk losing.
This is how a global trend was formed: if a business wants to develop rapidly, it must become data-oriented (collect, accumulate personal data, come up with new ways and purposes for using them). Then other market players look at this company and begin to collect even more information, turning this into a competitive advantage. As a result, everyone is in the game, although they didn’t intend to.
This was compounded by the fact that, prior to the adoption of the Regulation, the rules about the careful use of personal data were “cheaper” to violate, since fines were rarely applied and in small amounts. Therefore, it turned out to be unprofitable to implement a personal data protection system, and the cost was too high.
After the Regulation was adopted, some of the rules for working with personal data were changed and fines were increased. It has become more profitable to immediately provide a budget for caring for users: to protect them from possible risks associated with the use of their personal data. Moreover, the working hours of professional consultants have become more affordable. Of course, some companies continue to follow the old scheme, where personal data is viewed only as an asset, but not as a risk.
True, now the rules of the game have changed. In the long term, companies will survive only if that have changed, continuing to collect only the data they need, while not posing a threat to the people who trust them.
Therefore, European voters, faced with these constant and gross violations of their right to privacy, voted for those parties and those politicians who proposed a stricter policy towards violating companies. As a result, the adoption of the Regulation was not stopped even by lobbyists of transnational corporations, who tried to make the Regulation softer or so that it was not adopted at all.
The regulation is a logical continuation of the previous EU legislation, because it is difficult to create a more effective mechanism for regulating privacy. The GDPR has changed some key points in the field of personal data processing and increased the cost of breaking the rules.
Thus, when the European Union ratified the Regulation, a lot of the countries had no other choice but to follow the general trend of privacy protection and introduce similar laws. At the same time, other countries began to develop their legislation on the right of information privacy so quickly and force businesses to protect the personal data of customers not at the will of voters. In most cases, this was due to business lobbying. When a large agglomerate of countries like the European Union adopted norms of behavior, many countries that trade and do business with the EU were shocked. The states were faced with a choice: either to introduce similar legislation so that the gap between the legal systems does not grow, or to completely lose the European market, since it is no longer possible to freely use the personal data of subjects from the EU.
The GDPR in Article 44 introduced restrictions on the transfer of personal data of subjects outside the European Union. Therefore, companies that made money through the use of personal data were forced to comply with the Regulation in order to keep their business. States, that want to cooperate with the European Union, began to urgently introduce legislation to ensure strict protection of personal data. Sooner or later, almost all countries will introduce similar legislation.
Today it is difficult to assess the worldwide trend of tightening privacy legislation. On the one hand, there are companies that benefit from the processing of personal data – this is all consulting, IT, grocery, transport and logistics companies, medical and insurance services, and others. On the other hand, absolutely each of us is a subject of personal data. And each of us is interested in his personal information being protected from illegal attacks.