The GDPR: A Call For Compassion
For many companies today is D-Day: the GDPR (General Data Protection Regulation) is effective as of this date (25 May 2018). For me, this day holds a call for compassion.
As much as companies have prepared themselves for this new regulation, or tried to prepare themselves, we still live in an Universe of infinite possibilities. So, as I am writing this post, a BBC article reports that “[a] number of high-profile US news websites are temporarily unavailable in Europe after new European Union rules on data protection came into effect.” No surprise there. No worries either. Take a breath, and read on.
The Call For Change
“Mastercard, for instance, has built portals for card holders to check what data are being kept. Efforts of this sort have made the company “more mindful” about how it treats personal data, says JoAnn Stonier, Mastercard’s chief data officer. Such mindfulness will spread. Firms have to make sure that businesses from which they receive personal data, and ones to which they send such information, are also in compliance. The idea is that the GDPR should become self-policing.”
Change usually feels like a pain in the butt at first, but we all know that – eventually – we will get used to this new approach to dealing with personal data online. We might want to invite some compassion, though.
The Call For Compassion
To me compassion is an act of love where empathy and sympathy are being put to practice in order to relieve suffering.
In the case of the GDPR, our suffering used to consist of not knowing what companies were doing with our personal data online (before 25 May 2018). Our current suffering, however, consists of a flood of emails about privacy updates, several law regulated changes that we have to make, and the fear that we’re still overlooking a part of the GDPR – which could possibly lead to a fine.
Okay, let’s take a deep, deep breath and invite some compassion here.
As much as the required changes may feel overwhelming at the moment, a compassionate approach means dealing with the issue as best as we can deal with it NOW. It means not judging ourselves for what we don’t yet understand, nor judging others for a different tempo in this change. With continuous awareness, the required adaption follows the flow – that too, is a Universal law.
There’s the bigger-picture-point-of-view as well:
As I have stated before, I perceive the Internet as a new part of society that – in our ignorance and process of growth – has been de-humanized on many levels. More recently, though, we are (re)awakening to the Internet’s capacity to connect us on a human level as well as the known technical level. In my view, the GDPR is an important part of this growth and awakening process. The regulation emphasizes a more understandable way of communicating which (parts of our) personal data will be used for what purpose. Thinking of how I usually glance over the policy statements that seem to have been written so that only lawyers really understand them, and simply continuing by ticking the box to agree with those complicatedly formulated terms and conditions, I welcome a change to better comprehensible statements. And when I write “I”, I don’t think I’m the only non-lawyer that never understood what she was actually agreeing to.
So, at the level of a more human Internet I see the GDPR as a contribution to that. Perhaps it doesn’t yet contribute to more clarification, perhaps it never will. What’s most important is that the intention for transparency and clarification is there. It’s a start. It’s a start to the introduction of an Internet where the elements of Love, Peace, Joy, and Community are more prevalent – it’s a start to a more compassionate world (wide web).