If you’ve read the latest headlines (or your e-mail inbox), you have most likely run into the GDPR at least once. Or maybe you have been hearing about it for a while and wonder if or when it is going to become effective.
Companies are rushing to ensure compliance with the GDPR so they can rest assured that they can't be indicted for any crime. And they do well to worry. Are you ready too?
What is the GDPR and how does it affect your business?
The General Data Protection Regulation (GDPR) is a European law that imposes a strict data protection compliance regime, with severe penalties of up to 4% of worldwide turnover. In an age when the economic value of personal data in the digital economy is increasing, the GDPR also establishes a new set of digital rights for European Union citizens. It aims to harmonize the different existing national regulations on data protection.
If you have your business in the United States, you may be thinking, “Why should I care?” Well, one of the aspects the GDPR changes is that the European data regulation now affects any enterprise in the world, as long as it handles personal data of individuals located in the EU.
Why is it important now?
The GDPR was approved 2 years ago, but becomes enforceable from May 25th on, after a transition period conceived for people and companies to adapt. This means the sanctions described in the law have not yet been imposed, but that is going to change in May. And they can indeed be severe:
- A fine up to 10 million euros or 2% of the annual worldwide turnover of the preceding financial year, whichever is greater, if your company:
  - stores personal data of a child who is younger than 16 years old without their parents’ consent
  - doesn't inform a customer that it no longer requires his or her identification, once it no longer needs it
  - doesn't implement appropriate technical and organizational measures, such as anonymization
- A fine up to 20 million or 4% of the annual worldwide turnover of the preceding financial year, whichever is greater, if your company:
  - doesn't process personal data lawfully, fairly and in a transparent manner with customers
  - doesn't collect personal data for specified, explicit and legitimate purposes
  - processes personal data incompatibly with the purposes specified
  - requires personal data beyond what is adequate, relevant and limited to the purposes specified
These are only examples; the full text of the regulation can be found on the official GDPR site. However, we don't want to scare you. For starters, Elizabeth Denham, the UK Information Commissioner, stated: "While fines may be the sledgehammer in our toolbox, we have access to lots of other tools that are well suited to the task at hand and just as effective". Besides, there's a solution for everything.
What is considered to be personal data?
The European Commission defines personal data as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.” This is more or less what in the US is called personally identifiable information (PII).
The challenge is to detect this personal data and anonymize it so that it can be processed without any legal concern.
Here at Bitext, as NLP providers, we are specialists in detecting patterns in texts and can take care of the whole anonymization preprocessing task for you. Learn how it works by downloading the whitepaper below.