GDPR: a new buzzword or a new reality? - My Datafication

22 March, 2018



If you are an EU data professional, a business analyst or even just working in IT, you should have heard the buzz around GDPR, the new EU General Data Protection Regulation. It is the most important change in European data privacy regulation in the last 20 years; it was prepared and debated in the EU for four years and was approved by the EU Parliament on 14 April 2016. However, the most important date for GDPR is 25 May 2018, the day of its enforcement across the whole European Union and for organizations that interact with EU citizens.

Triggered by the GDPR buzz, I have started reading about the new regulation, have completed an online course about GDPR essentials and still keep up with the latest news on the regulation, which I want to share with you through a series of GDPR-related posts. However, before diving into the details of the regulation, let's summarize the key changes and the impact for businesses. Please note that nothing mentioned in this blog constitutes legal advice and neither 'My Datafication' nor the author represents your interests. The post aims to communicate the regulation in a simplified way, but if legal advice is needed you should consult a certified law professional.


The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC after four years of debate. It was designed to align data privacy laws across the EU countries and to protect EU citizens' data and privacy from breaches. Since the 1995 directive the data-driven world has changed dramatically, and the regulation focuses on closing the gap through the following key points (changes):

  • Consent 
Under the new regulation, consent must be clear and separate from other matters, described in an easy-to-understand way and in an easily accessible form (long illegible terms are no longer allowed). The consent form should state the purpose of the data processing and allow easy withdrawal.

  • Penalties
In case of a GDPR breach, organizations can be fined at least 2% of their annual global (not local) turnover (not only profit) or 10 million euros (whichever is greater). However, the fine can be as high as 4% of their annual global turnover or 20 million euros (whichever is greater).

  • Increased Territorial Scope
Regardless of where a company is located (e.g. the USA), it should conform with the new regulation if it is processing the personal data of data subjects residing in the European Union.

  • Breach Notification
Whenever a data breach occurs that may result in a risk to the rights or freedoms of individuals, organizations should report it within 72 hours after becoming aware of it. Data processors should notify customers and controllers as soon as possible.

  • Right to Access
According to the GDPR, all data subjects have the right to obtain from the data controller of the organization a confirmation as to whether or not their personal data are being processed, where and for what purpose. They can also require a copy of their personal data free of charge.

  • Data Erasure
This is the right to be forgotten, i.e. the data subject can require the data controller to erase their personal data, stop using or distributing the data and cease third-party data processing. This happens either because the data subject withdraws consent or because the data are no longer relevant to the original purposes for processing.

  • Data Portability
This is the right of data subjects to receive the personal data that concern them and to transmit that data to another data controller.

  • Privacy by Design
GDPR calls on controllers to hold and process only the data that are absolutely necessary for the completion of their duties, and to limit access to personal data to those who need to process the data.

  • Data Protection Officers
DPOs will be required for those data controllers and processors whose processing operations require regular monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences.

If you would like to learn more about GDPR, stay tuned to 'My Datafication' for the upcoming posts about the regulation or visit the official GDPR website (www.eugdpr.org), which I used as the main source of information for this post, too. Alternatively, GDPR-info.eu is a third-party resource that summarizes the main points of the regulation. What do you think of GDPR? If you have any questions or just want to share your thoughts with me, write your comment below or email me directly at mydatafication@gmail.com.

DISCLAIMER: Neither My Datafication nor the author represents you, and they are not giving legal advice. The information conveyed through this blog is not intended to give legal advice. It aims to communicate the basic information about the regulation and help readers understand the basic concepts. If there is any doubt or legal advice is needed, consult a certified law professional.

10 comments:

  1. Great post I must say and thanks for the information. Education is definitely a sticky subject. However, is still among the leading topics of our time. I appreciate your post and look forward to more.

    AI Course in malaysia

  2. Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work!
    data analytics course
    big data analytics malaysia
    big data course

  3. I am for the first time here. I found this board and I find it truly helpful & it helped me out a lot. I hope to present something back and help others such as you helped me.
    360DigiTMG PMP Certification
    360DigiTMG PMP Course
    360DigiTMG PMP Course in malaysia
    360DigiTMG PMP Training in Malaysia
    360DigiTMG PMP Training

  4. I was very pleased to find this site. I wanted to thank you for this great read!! I am definitely enjoying every little bit of it and I have you bookmarked to check out new stuff you post.
    data science course
