What is the 'General Data Protection Regulation (GDPR)'

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR will come into effect across the EU on May 25, 2018.

BREAKING DOWN 'General Data Protection Regulation (GDPR)'

The GDPR was adopted in April 2016 and adds to the EU’s general policy of protecting citizen’s data. In addition to the notifications of collection and legal ramifications for misuse, there is also a requirement to obtain explicit consent, notify in cases of a hack or breach, appoint dedicated data protection officers and much more. For financial institutions, the new rules will require significant investments in compliance to ensure continuing access to the EU market. The new rules are also pushing firms to pseudonymize personally identifiable information (PII) prior to processing it, meaning that the data can’t be attributed back to a particular person. The pseudonymization of data allows firms to do some larger data analysis - such as assessing average debt ratios of its customers in a particular region — that would otherwise be beyond the original purposes of data collected for assessing creditworthiness for a loan.

GDPR Versus Big Data

The GDPR has effects beyond lending, insurance and other firms where sensitive personal data is collected and processed as a matter of course. The rules apply to the human resources record of employees and even the IP addresses of people using online services. The GDPR builds upon data rights that the EU has been pushing for, such as the right of an individual to be forgotten and the right to data portability.

As such, it is expected that the GDPR will lead to data minimization where companies willingly prune down the amount of information they collect to the functional essentials needed to complete a transaction. This could be a reversal of one of the big data trends where companies seek to collect and analyze as much data on their customers as possible in order to gain new insights. This analysis can still take place after appropriate pseudonymization, but other data rights prevent those insights from being used to profile customers in a way that could be discriminatory or put them at a financial disadvantage. As the GDPR is a new regulation, there will no doubt be a period of adjustment where gaps and thorny issues like profiling are addressed.   

Challenges Associated With the GDPR

The decision to implement the GDPR has come with criticism. Those opposed to the new regulation say that the position of the DPOs could be an administrative burden for many EU countries. The guidelines were set to include social networks and cloud providers, but did not consider how to deal with employee data. In addition, data cannot be transferred to another country outside the EU, unless it guarantees the same kind of protection. Companies that didn't have this kind of privacy protection may be required to change their business practices. The costs associated with the proposed regulation may also increase (due to the need for more investment) and general education in data protection may also be required. Data protection agencies across the EU will need to agree to a standard level of protection, something that may not be easy as they may disagree in the interpretation of the guidelines. 

  1. Compliance Cost

    Compliance cost refers to all the expenses a firm incurs in order ...
  2. Personally Identifiable Information ...

    Personally Identifiable Information (PII) is information that, ...
  3. Data Mining

    A process used by companies to turn raw data into useful information. ...
  4. Data Loss

    Data loss occurs when valuable and/or sensitive information on ...
  5. Regulation F

    A regulation set forth by the Federal Reserve. Regulation F specifies ...
  6. Cloud Security

    Cloud security is the protection of data stored online from theft, ...
Related Articles
  1. Investing

    The Impact of Brexit on Facebook

    Learn how currency swings, trade agreements, privacy issues and consumer demand stand to impact Facebook following the Brexit vote.
  2. Tech

    How Big Data Has Changed Finance

    The vast proliferation of data and increasing technological complexities continues to transform the way industries operate and compete.
  3. Tech

    Data Analyst: Job Description & Average Salary

    Learn about a data analyst career and how much money you can expect to make. Understand the skills and education needed to become a data analyst.
  4. Tech

    Predictive Analytics Drives Return for Investors

    A new industry of predictive analysis has developed to make sense of big data and give investors real-time buy and sell recommendations based on the patterns forming in the data long before traditional ...
  5. Tech

    Big Data Analysis: Modernizing Educational Methods

    Once a tool used to understand consumers, big data analysis is becoming a critical component in the creation of a modern, insight-rich educational system.
  6. Insights

    World Bank Data For Dummies

    Developing countries can't always afford to track the data crucial to setting the right economic policies and programs. That's where the World Bank steps in.
  7. Investing

    Microsoft Updates Privacy Policy for Windows 10

    Microsoft is gearing up to share more information about the data it collects from Windows 10 users.
  8. Insights

    Countries With The Best And Worst Investor Protection

    Discover which countries do the most to protect the little guy from scheming executives and shady back-room deals.
  9. Insights

    The Pitfalls Of Financial Regulation

    Regulatory actions usually have lofty intentions that end up with unintended and negative consequences.
  10. Tech

    Data Analyst: Career Path & Qualifications

    Explore becoming a data analyst, one of the hottest careers in the current economy; learn about the career paths and the qualifications you need to get hired.
  1. What types of data are mined for business intelligence?

    Learn about data mining and how businesses use data analysis in business intelligence to improve their operational efficiency ... Read Answer >>
  2. To what extent does government regulation impact the electronics sector?

    Learn more about production regulation in the electronics industry and how these regulations may contribute to lesser productivity ... Read Answer >>
  3. Why is Average Collection Period important to a company?

    Discover why the average collection period can be a particularly important accounting ratio for a company that relies heavily ... Read Answer >>
  4. How can a creditor improve its Average Collection Period?

    Read about some of the ways that a business can improve its accounts receivable management practices to shorten its average ... Read Answer >>
  5. Does consumer protection cover my debts?

    Discover what type of consumer debts are protected through a variety of federal regulations, and learn how protections change ... Read Answer >>
Hot Definitions
  1. Federal Funds Rate

    The federal funds rate is the interest rate at which a depository institution lends funds maintained at the Federal Reserve ...
  2. Call Option

    An agreement that gives an investor the right (but not the obligation) to buy a stock, bond, commodity, or other instrument ...
  3. Standard Deviation

    A measure of the dispersion of a set of data from its mean, calculated as the square root of the variance. The more spread ...
  4. Entrepreneur

    An entrepreneur is an individual who founds and runs a small business and assumes all the risk and reward of the venture.
  5. Money Market

    The money market is a segment of the financial market in which financial instruments with high liquidity and very short maturities ...
  6. Perfect Competition

    Pure or perfect competition is a theoretical market structure in which a number of criteria such as perfect information and ...
Trading Center