Inside the European Union’s (and the world’s, by digital default) GDPR (General Data Protection Regulation) legislation…
…sorry, this is a real mouthful, and it’s even more difficult to type…bureaucratic BS is exhausting, especially of the globalist brand…
…there is a humorous passage buried in subsection #4, or something like that.
The processing of personal data should be designed to serve mankind.
I instantly thought of the last time I heard those words uttered in such an earnest, un-ironic manner. For the kids reading, this allusion harks back to an old Twilight Zone episode that concerned a nefarious authoritative entity that promised the same.
“To serve mankind,” the GDPR promises (it is 2018, so it’s best they blur the gender-delineations).
Beware of such lofty promises for such virtuousness necessarily occludes the reality of human greed and ego. A greed-ego dynamic writ large across a dystopic First World continent mired in Third World murk.
The vast range of GDPR motivations are superficially lofty, to be sure. After all, in light of the constant barrage of security breaches we’ve experienced over the past decade, who doesn’t crave a little “security” where personal data is concerned?
This is the lofty:
Through the power of information technology, any enterprise that sells products or provides services via the internet is technically a global business. Regardless of whether your organization is a one-person operation selling novelty T-shirts or a Fortune 100 company providing sophisticated cloud computing solutions, you are likely to have customers residing outside your country of origin. In general, this is considered a good thing.
However, with that global reach comes certain responsibilities, some of which are codified in laws and regulations with specific, and potentially costly, consequences. For example, the European Union (EU) is about to begin enforcing a new set of regulations designed to protect the data security and the privacy of its citizens. Enforcement of the General Data Protection Regulation (GDPR) goes into effect May 25, 2018, and will be applicable to every citizen of the EU and any business entity that transacts with them, regardless of the location of the business.
What is not to like about this?
How about a disingenuous globalist behemoth “re-organization” which boasts “simplicity” while simultaneously constructing an infinitesimal strata of decrees and indirect directives which ultimately place the onus of regulation on “processors” and “controllers?”
Obviously, the new digital world of global interconnectedness requires a revolutionary paradigm by which standards and regulations are rendered diffuse and amorphous enough that there is as little trouble applying them to country A as there is to country E. Shouldn’t such a universal regulatory tome be built by a global committee of nations rather than the unilateral and self-interested regurgitation by the European Union, alone? Essentially, the EU is being allowed to define the paradigm, and the United States, and the rest of the world, will be left little choice but to mold their entrance onto the world stage within the architectural demands of the EU’s regulatory auspices.
The GDPR whores out a common concern among small-fry internet users around the world. While half-heartedly attempting to implement volumes of remedies and deterrents against abuse of data, it merely opens up new avenues of profit for the big-fry business elites. The GDPR is a cynical attempt at masquerading concern for greed. Taking a cue from the Orwellian guidebook for weaponizing intricacy and double-speak in order to slip through new cultural definitions, the GDPR maps out a straight line of data security by diverting through thousands of inadvertent points of contact and clarification.
More like the EU lining the pockets of elite members courtesy of a lot of half-assed dramatic warnings and punitive threats.
Once GDPR comes into force, it’ll introduce a duty for all organisations to report certain types of data breaches which involve unauthorised access to or loss of personal data to the relevant supervisory authority. In some cases, organisations must also inform individuals affected by the breach.
Organisations will be obliged to report any breaches which are likely to result in a risk to the rights and freedoms of individuals and lead to discrimination, damage to reputation, financial loss, loss of confidentiality, or any other economic or social disadvantage.
In other words, if the name, address, date of birth, health records, bank details, or any private or personal data about customers is breached, the organisation is obliged to tell those affected as well as the relevant regulatory body so everything possible can be done to restrict the damage.
This will need to be done via a breach notification, which must be delivered directly to the victims. This information may not be communicated only in a press release, on social media, or on a company website. It must be a one-to-one correspondence with those affected.
Under GDPR, when does an organisation need to make a notification about a breach?
The breach must be reported to the relevant supervisory body within 72 hours of the organisation first becoming aware of it. Meanwhile, if the breach is serious enough to mean customers or the public must be notified, GDPR legislation says customers must be made responsible without ‘undue delay.’
What are the GDPR fines and penalties for non-compliance?
Failure to comply with GDPR can result in a fine ranging from 10 million euros to four per cent of the company’s annual global turnover, a figure which for some could mean billions.
Fines will depend on the severity of the breach and on whether the company is deemed to have taken compliance and regulations around security in a serious enough manner.
The maximum fine of 20 million euros or four percent of worldwide turnover — whichever is greater — is for infringements of the rights of the data subjects, unauthorised international transfer of personal data, and failure to put procedures in place for or ignoring subject access requests for their data.
A lower fine of 10 million euros or two percent of worldwide turnover will be applied to companies which mishandle data in other ways. They include, but aren’t limited to, failure to report a data breach, failure to build in privacy by design and ensure data protection is applied in the first stage of a project and be compliant by appointing a data protection officer — should the organisation be one of those required to by GDPR.
The confounding permutations are endless and the breadcrumbs leading inexorably to bureaucratic insanity boggle the mind.
The GDPR proves that tyranny lives in the details…all of them. Globalism’s resounding details demarcate a new, technocratic tyranny of the 21st Century.
The tyranny, lest you underestimate it, is blinding in its ramifications and its bloody seepage into our everyday lives, even here in the United States. Blog owners who use Disqus have been drawn in and cornered.