Ashish begins with the basic question – why was there a need for GDPR in the first place? The reason is the digital transformation the world has been experiencing. As everything goes online, people’s digital footprints become a huge source of their data. This data can be harnessed if collected, monitored and processed the right way. That’s what advertisers did, which helped them to boost their sales. But, this data was done with the users’ consent, raising data privacy concerns among them. In order to address these, the EU government came up with the GDPR.
Accordingly, GDPR transfers the control of data back to the users. Collecting, monitoring or processing their personal without their explicit, willing and freely given consent is illegal under GDPR. This applies to companies all over the globe, who collect, monitor or process the data on EU citizens. In case on non-compliance, fines can go up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher, depending on the severity of the violation.
Consent is the king. Lack of sufficient consent is considered as the most severe violation of GDPR, and is eligible to attract the highest fines. Hence, it is mandatory to have your consents in place.
Also, GDPR requires consent for working with the personal data. But one can always work one’s way around this by using non-personal data. Any generic data, which does not pin-point to a specific person shall work fine.
For more insights, read the full article here.