As 2018 comes to a close, most companies, firms, and agencies which participate in data collection are undoubtedly aware of GDPR and have probably taken some measures to comply with new data protection rules. However, Thomas’ key questions and answers may provide even more security and awareness to all data collectors wanting to know more about what GDPR actually means to them six months in.
GDPR defined ‘personal data’ as any information that can be associated with an identifiable person. These data include but are not limited to names, any form of ID number, geographical or location data, and online nominatives or identifiers.
The GDPR applies to all organizations that collect or process data of EU residents, offer services, or sell goods to them regardless of the location of the organization itself.
- Controllers – Bodies that control and determine the filters, purposes, and means of processing data
- Processors – Bodies that carry out the function of processing data on behalf of the controller
Where Are We Now?
The legislation itself seemed strict and definitive. So much so, that it sent European and non-European organizations into a frenzy of panic and preparation before the May 25th deadline. But here we are, at the six-month mark since the legislation came into effect and as we attempt to analyze the ‘real-world’ impact, we are left with a lot of questions. For example: Where does the ad tech industry go from here? In what situation should one really be classified as a controller vs. processor? And will these classifications be practically applied?
There was widespread industry alarm before GDPR became official as almost every reputable firm buffed up with attorneys and legal consultants. Executives conferred with partners, professionals, and internal and external consultants, then took actions to make their companies ‘GDPR compliant.’ Some organizations decided on being extra cautious and over-prepared, almost stifling everyday, business life. Others seemed more lax, having changed little to nothing about their data policies. Whichever side of the spectrum of preparedness your company lands on, you might take comfort in that fact that so far, there have only been a few court cases brought to European courts using GDPR as the main argument. Even fewer fines have actually been issued by the data protection authorities.