by Miguel Guerreiro
•
7 April 2021
Let us first start by clarifying, in the light of European legislation, what is meant by personal data. Personal data is “any information about a specific person, identified or identifiable, called the data subject.” Some examples are, the name of a person, their address, income or computer data such as the IP (Internet Protocol) address. The question that now arises is, shouldn't this data have always been protected and where did the need to protect it come from. From the moment we put our data on paper, on a website, or on social networks, we are no longer responsible for them. Until relatively recently, we relied on good faith and the protection of the platforms or companies we gave our data to. And it is far from the truth to say that there have been no breaches of data protection. Furthermore, the problem has worsened dramatically with the emergence of the internet and social networks. We have given our entire lives to private companies, and All these platforms are free for users. Although the revenue of these flagship companies is generated mainly through advertising, many of us worry what these companies know about us. We think that they might have our search engine history, our correspondence, our day-to-day activities duly scheduled. Or that social networks could expose our friendships, our tastes and interests, even our opinions, whether they have a political or religious connotation, among others. All of us assume that our personal data is very desirable for companies and networks so they target specific audiences in an effective and profitable way. In the wake of the Cambridge Analytica Scandal, the USA decided to take action on the regulation and data protection of these large companies. Following this example, the EU created the GDPR, an essential document in the protection of European citizens. This regulation applies to all companies that hold personal data within the European area. It requires meticulous regulation in corporate policies. For example in terms of equal opportunities and non-discrimination, personal data cannot be processed on: "racial or ethnic origin; sexual orientation, political opinions, religious or philosophical beliefs, union membership, genetic, biometric and health-related data, except rare specific cases. The regulation pushes the importance of maximum security and data protection within the IT and security policy so that everyone can protect and trust each other. Therefore, it is necessary to carefully comply with the GDPR and simultaneously integrate and reflect these same rules in corporate policies. Thank you for reading and lets hope that our protection will be increasingly valued and debated!