GDPR: The human factor

What has dry regulation known as GDPR, got to do with humans? Answer, almost everything.

A recent survey by ForgeRock found that 57 per cent of UK consumers are worried that they have shared too much personal data online. 53 per cent said they would not be comfortable if their personal data was shared without their permission and a further 58 per cent said they would stop using a company’s service completely if it shared data without permission.

In short, humans care about their privacy. And that is why the General Data Protection Regulation exists.

We also live in the age of artificial intelligence – data is the new oil, as computer algorithms, via the amplification of the latest in computer hardware, analyses data and draws inferences about us. It feels very non-human like.

Yet, we are told that AI is about personalisation – making services  just right for each person. Is AI going to make data more or less human?

GDPR is meant to make it more human.

At a recent GDPR Summit in London, Ardi Kolah, Editor-in-Chief, Journal of Data Protection & Privacy said that it is a “mistake if your starting point, when looking at GDPR is fines or sanctions.”

To the contrary, he added, “trust is the starting point. If they can create trust, companies can do more not less with personal data.”

That’s why GDPR is about humans – creating an environment in which we feel we can trust companies with our data.

So whether it be subject access requests, an individual exercising their right to be forgotten, implementing procedures to minimise the risk of a data breach, and putting a plan together on what to do if the breach happens, or getting user consent and perfecting privacy policies, GDPR enforces behaviour upon companies that emphasises the human factor.

GDPR is also about keeping data relevant, not holding onto data you don’t need, making sure privacy policies are specific to particular data.

In short  people are all different, and so is the way we use data. That is why human factors are right at the core of what GDPR is all about.

Continue your journey to compliance at the GDPR Summit London, 155 Bishopsgate on 23rd April here


The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.

Ahead of the end of year event, DPWF has launched a series of intensive workshops.

Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/