CYBERSECURITY AND PRIVACY WITH FREDERIKE KALTHEUNER: GDPR, A NEW ERA?


GDPR, a new era?

Frederike Kaltheuner, Data Exploitation programme lead at Privacy International, talks about Gdpr, the GAFA multinationals, compliance, fines, extraterritorial scope and digital rights.

Alex Tetradze

In response to Цветан Иванов

Hi all,

I know what GDPR stands for, but I was wondering if someone could answer a few questions that I have:

  • Is GDPR retrospective?
  • Will GDPR affect UK after Brexit?
  • What core business areas will be affected by GDPR?
  • What if I don’t follow GDPR? What are the penalties?
  • Will the fines really be enforced? How?
  • Who does GDPR apply to?
  • Does GDPR apply only to EU-based companies?

I will do the last two on your list.

The GDPR applies to data controllers and data processors - in other words to every organisation that processes, stores, or transmits personal data of EU residents.
What’s the difference between data processor and data controller?  The main difference between the two is that controller decides how and for what purpose personal data is processed while the processor acts on the controller’s behalf but both have obligations under GDPR. 

The GDPR applies to processing of personal data of EU citizens. This means that it not only applies to EU based organisations, but that it also applies to organisations that are based outside of the EU that offer goods or services to EU citizens or any organisation that processes the data of EU citizens. In other words, the vast majority of organisations.

Цветан Иванов

Hi all,

I know what GDPR stands for, but I was wondering if someone could answer a few questions that I have:

  • Is GDPR retrospective?
  • Will GDPR affect UK after Brexit?
  • What core business areas will be affected by GDPR?
  • What if I don’t follow GDPR? What are the penalties?
  • Will the fines really be enforced? How?
  • Who does GDPR apply to?
  • Does GDPR apply only to EU-based companies?
Lucas Jessen

In response to Marlies Arend

Hi. Can you tell me how significant is target advertising and is it used by political organizations too? Thanks.

Pretty much everything on the internet is target advertising, there is no point of me showing you an ad that has no relevance to you. Even when you are on YouTube, each time you click on a video the information is collected and based on algorithms the suggested videos on the landing page are impacted. The same goes for facebook, they even detect where you might have clicked at, meaning if you just hover on an ad or a post depending on the pattern of your movement the algorithm detects if you are interested or it's just a coincidence and acts on it.

As far as if politicians use the target advertising information collected by the giants in the web industry, read this and you will answer for youself.

daniel araujo

I have always wondered how they define what is considered 'personal data'.  It turns out the concept of ‘personal data’ is very broadly defined. In general, it means any type of information that relates to an identified or identifiable ‘natural person’ that allows the ‘natural person’ to be easily identified based on the data such as their IP address, ID number or their physical/physiological/genetic/mental/economic/cultural features or attributes.

George Waters

In response to Marlies Arend

Hi. Can you tell me how significant is target advertising and is it used by political organizations too? Thanks.

Forward-thinking organizations saw GDPR compliance as an opportunity to return to the drawing board and, in some cases, revisit their approach toward enterprise risk management.

Анета Владимирова

There is no doubt that GDPR has forced a much-needed debate about data use. Europe’s bureaucrats have achieved the seemingly impossible task of turning data regulation into a hot topic. 
 

Fabricio Ruiz

In response to PSJunkie

From what I understand GDPR deals with regulation of technology.  I know it is already in force in Europe, however, I cannot help but wonder whether, China and the US have something similar...

China’s cybersecurity law (which took effect in June) laid out broad principles, but left key issues related to implementation and scope unresolved. The idea was that follow-on measures and standards would fill in the gaps once stakeholders sorted out their differences. The cybersecurity law is made up of six systems which together form a framework governing information and communication technology (ICT) in China. This standard belongs under the fourth system, called “personal information and important data protection system.”

Renee Benton

You dont have to be expert in a field of technology to assume that your data is being given to multiple third party consumers without your permission. The problem lays in the fact that nobody really cares, if that doesnt harm them in any case. Advertisment targeting might be strong, but I think it is just the beginning.

Dorothea Petrescu

Marlies, here is an article that discusses target advertising and its use in political campaigns.  As it turns out, ad targeting is a pretty powerful tool.

Thomas Pfeiffer

As a europe citizen, I didn't notice a big improvement in any way. The facts that You lay out are correct and on point. GRPR also give us more freedom in the cyber space, but some people use this as an excuse to start a conflict.

PSJunkie

From what I understand GDPR deals with regulation of technology.  I know it is already in force in Europe, however, I cannot help but wonder whether, China and the US have something similar...

Slobodan Pavlicic

I have noticed recently that a lot of web sites have started asking for my permission to use cookies.  Does anyone know whether that may be related to GDPR in some way?

Rosanne Ostberg

Someone recently asked me what the penalties were for non-compliant companies that disregard GDPR.  In researching the topic I came across a couple of web sites that discuss those penalties: link 1, link 2, link 3.

Marlies Arend

Hi. Can you tell me how significant is target advertising and is it used by political organizations too? Thanks.

jet91

GDPR is perfect for China but not so much for Europe.


 


It is a law that is add work to the developers, without any real benefit to anyone. No one really read the 25 pages of term and conditions. It would be much more easier to warn everyone with messages like "what you do here is tracked... think about it before doing something". 


Internet is like a "video surveilled area", there is nothing to read or approve when you see a camera filming you... you know you are filmed, thats' it.

Please login or register to leave a response.