The General Data Protection Regulation, or “GDPR” – “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. – was published 4 May 2016. Enforceable after a grace period of two year, from the 28th of May 2018.
PRIVACY BY DESIGN have been developed and conceptualised since the 90’s by Ann Cavoukian, Ph.D., and for the first time, a mandatory legal text has included its tenets, the GDPR.
The General Data Protection Regulation (GDPR) is not against data processing when done in respect with the data subject rights. The amount of electronically available data and curation and storage tools, justify a better protection. Privacy is a Fundamental Human Right, for dignity and freedom.
The CNIL investigated mobile applications using embedded software development kit (SDK) and ad biding gathering personal data even when the application is not in use. The data collection is activated by default, which is contrary to the principal of privacy by design.
There has been and still remains interrogations and uncertainties around the scope of application of the General Data Protection Regulation.
The General Data Protection Regulation applies to Personal Data. But do we know what exactly defines Personal Data? The UK ICO recently published a clarification document.
The crumbs of information left behind, get aggregated and build a picture, sometimes distorted, that follows us.
Since the UK referendum vote for BREXIT much has been speculated about the situation of the UK with regard to compliance to the GDPR enforceable from 28 May 2018. Although they are uncertainties, the recent UK Information Commissioner speech has reinforced the opinion that UK businesses need to get ready to comply.