
This article was co-written by Kris Lahiri, Data Protection Officer and Dawid Balut, Egnyte Architect.

Privacy is tremendously important in our lives. Most of us don’t want strangers to have access to our information, regardless of how personal it is. Generally, we want the ability to keep the stuff that’s private, private and this is the purpose of the GDPR. The regulation puts control of personal information back into the hands of those it belongs to (data subjects). It aims to ensure that privacy is respected and no one can access data without explicit consent from the data subject.

In the workplace, this can apply to employment contracts. Most employees don’t want to disclose their employment status or contract details to the public, let alone their colleagues. When too much personal data is exposed without proper context, it can result in political issues, a toxic workplace atmosphere, and broken professional relationships. We must do all we can to secure personal information so that it’s not unintentionally leaked or maliciously stolen.

Lots of businesses take a loose approach to data governance and neglect employee privacy rights. The GDPR gives employees leverage against poor corporate systems by enforcing what’s right. The regulation helps employees fight unethical business practices and will also force companies to restructure the way they collect and manage data. The GDPR requires organizations to diligently audit data repositories and relevant 3rd parties that have access.

In terms of why we need GDPR when there are so many security norms, experience shows us that existing security norms simply aren’t good enough. Few regulations have actually made a difference on a global scale. Since 1995, the EU has used the Data Protection Directive, but the superseding General Data Protection Regulation addresses a wider, more modern set of privacy challenges. The US has plenty of industry-specific laws like HIPAA, which regulates data processing in healthcare, but still lacks a regulation to govern them all.

These regulations have been around for decades, yet each year there are multiple security breaches which lead to data leaks that can devastate people’s online privacy. GDPR should surpass previous laws that proved ineffective. Something had to be done because most companies had no real incentives to improve security.

The GDPR should have a positive impact on the public and companies forced to update current systems. However, the GDPR will not solve all of the challenges around data privacy — currently, no one solution can. Data security is a dynamic field that requires further exploring in order for it to improve.

Some people believe the GDPR is a political and economic tool designed to help the EU compete with US markets. While this may be true to some extent, I will not discuss political matters. I believe the regulation stands for a necessary and noble cause.