What is the 'General Data Protection Regulation (GDPR)'

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR came into effect across the EU on May 25, 2018.

BREAKING DOWN 'General Data Protection Regulation (GDPR)'

The GDPR was adopted in April 2016 and adds to the EU’s general policy of protecting citizen’s data. In addition to the notifications of collection and legal ramifications for misuse, there is also a requirement to obtain explicit consent, notify in cases of a hack or breach, appoint dedicated data protection officers and much more. For financial institutions, the new rules will require significant investments in compliance to ensure continuing access to the EU market. The new rules are also pushing firms to pseudonymize personally identifiable information (PII) prior to processing it, meaning that the data can’t be attributed back to a particular person. The pseudonymization of data allows firms to do some larger data analysis such as assessing average debt ratios of its customers in a particular region — that would otherwise be beyond the original purposes of data collected for assessing creditworthiness for a loan.

GDPR Versus Big Data

The GDPR has effects beyond lending, insurance and other firms where sensitive personal data is collected and processed as a matter of course. The rules apply to the human resources record of employees and even the IP addresses of people using online services. The GDPR builds upon data rights that the EU has been pushing for, such as the right of an individual to be forgotten and the right to data portability.

As such, it is expected that the GDPR will lead to data minimization where companies willingly prune down the amount of information they collect to the functional essentials needed to complete a transaction. This could be a reversal of one of the big data trends where companies seek to collect and analyze as much data on their customers as possible in order to gain new insights. This analysis can still take place after appropriate pseudonymization, but other data rights prevent those insights from being used to profile customers in a way that could be discriminatory or put them at a financial disadvantage. As the GDPR is a new regulation, there will no doubt be a period of adjustment where gaps and thorny issues like profiling are addressed.   

Challenges Associated With the GDPR

The decision to implement the GDPR has come with criticism. Those opposed to the new regulation say that the position of the DPOs could be an administrative burden for many EU countries. The guidelines were set to include social networks and cloud providers, but did not consider how to deal with employee data. In addition, data cannot be transferred to another country outside the EU, unless it guarantees the same kind of protection. Companies that didn't have this kind of privacy protection may be required to change their business practices. The costs associated with the proposed regulation may also increase (due to the need for more investment) and general education in data protection may also be required. Data protection agencies across the EU will need to agree to a standard level of protection, something that may not be easy as they may disagree in the interpretation of the guidelines. 

RELATED TERMS
  1. Compliance Cost

    Compliance cost refers to all the expenses a firm incurs in order ...
  2. Data Science

    Data science is a field of Big Data that seeks to provide meaningful ...
  3. Data Mining

    Data mining is a a process used by companies to turn raw data ...
  4. Markets In Financial Instruments ...

    MiFID is a European Union law which standardizes regulation for ...
  5. Data Loss

    Data loss occurs when valuable and/or sensitive information on ...
  6. Data Warehousing

    Data warehousing is the electronic storage of a large amount ...
Related Articles
  1. Tech

    How Big Data Has Changed Marketing

    Big data has enabled marketers to enhance their customer engagement and customer retention strategies by providing insight into behavior and thoughts.
  2. Tech

    Predictive Analytics Drives Return for Investors

    A new industry of predictive analysis has developed to make sense of big data and give investors real-time buy and sell recommendations based on the patterns forming in the data long before traditional ...
  3. Investing

    Microsoft Updates Privacy Policy for Windows 10

    Microsoft is gearing up to share more information about the data it collects from Windows 10 users.
  4. Insights

    World Bank Data For Dummies

    Developing countries can't always afford to track the data crucial to setting the right economic policies and programs. That's where the World Bank steps in.
  5. Tech

    Big Data Analysis: Modernizing Educational Methods

    Once a tool used to understand consumers, big data analysis is becoming a critical component in the creation of a modern, insight-rich educational system.
  6. Insights

    Countries With The Best And Worst Investor Protection

    Discover which countries do the most to protect the little guy from scheming executives and shady back-room deals.
  7. Financial Advisor

    The Risks of Investing in Art and Collectibles

    Investing in art and collectibles has the potential to lead to a big payday, but it's often a difficult road.
  8. Tech

    How Much Can Facebook Potentially Make from Selling Your Data?

    How much does Facebook stand to make by selling user data? Hard to be sure since they will never tell, but we try to extrapolate based on what we know.
  9. Investing

    Facebook Suspends WhatsApp Data Mine in Europe (FB)

    Amid intense pressure from data privacy watchdogs in the EU, Facebook has temporarily suspended its collection of WhatsApp user data for advertising.
RELATED FAQS
  1. Why is Average Collection Period important to a company?

    Discover why the average collection period can be a particularly important accounting ratio for a company that relies heavily ... Read Answer >>
  2. When should I use seasonally adjusted data from the consumer price index (CPI)?

    Learn what seasonally adjusted data is, how it is determined and when it should be used to evaluate the information gathered ... Read Answer >>
  3. Can companies insure their accounts receivable?

    Understand what credit insurance is and how it protects companies against payment problems they may encounter in trying to ... Read Answer >>
Hot Definitions
  1. Economies of Scale

    Economies of scale refer to reduced costs per unit that arise from increased total output of a product. For example, a larger ...
  2. Quick Ratio

    The quick ratio measures a company’s ability to meet its short-term obligations with its most liquid assets.
  3. Leverage

    Leverage results from using borrowed capital as a source of funding when investing to expand the firm's asset base and generate ...
  4. Financial Risk

    Financial risk is the possibility that shareholders will lose money when investing in a company if its cash flow fails to ...
  5. Enterprise Value (EV)

    Enterprise Value (EV) is a measure of a company's total value, often used as a more comprehensive alternative to equity market ...
  6. Relative Strength Index - RSI

    Relative Strength Indicator (RSI) is a technical momentum indicator that compares the magnitude of recent gains to recent ...
Trading Center