D Justhy

Forget GDPR. Think Person.

Organisations spend tens or hundreds of millions of dollars on regulatory initiatives. It’s easy to get muddled up in regulatory details and lose focus on what actually matters.

Yes, the pragmatist would say – let’s just focus on what the document says and get done with it. That is true. We must stick with the details of the regulatory documents. No doubt about this.

However, it is more important for everyone involved in responding to this regulation, to imbibe the true spirit of this regulation, and that is about the ‘protection of the person.’ And in the process, an opportunity is likely to be created to better manage your billion dollar byte.  Otherwise, your regulatory spend will just become a sunk cost and that will hurt you over the coming years and there could be a tendency to view this regulation pessimistically. And that would be sad.

Here are five points to help the busy executive or technologist manoeuvre this topic.

  1. The General Data Protection Regulation has been published in the Official Journal of the European Union.

The Legislative acts has been documented with the title below:


on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

  1. GDPR is about personal data

It’s all about the person and their personal data. This data is the most important and the most valuable, in the digital age and in the digital world. This is the reason, I call this the ’The Billion Dollar Byte.’

  1. GDPR is all about protecting personal data as a fundamental right

The regulation sets out principles and rules on the protection of natural persons with regard to the processing of their personal data in order to  respect their fundamental rights and freedoms, in particular their right to the protection of personal data, regardless of their nationality or residence.

This Regulation is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.

Directive 95/46/EC of the European Parliament and of the Council (4) seeks to harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data between Member States of the European Union.

The processing of personal data should be designed to serve mankind, and rightly so.

  1. The right to protection of personal data is not an absolute right

It must be recognised that the right to protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.

This Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to conduct a business, the right to an effective remedy and to a fair trial, and cultural, religious and linguistic diversity.

  1. Everyone’s personal data needs to be protected in a rapidly developing world

Rapidly changing technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally. Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the European Union and the transfer to third countries and international organisations, while ensuring a high level of the protection of personal data.