While the demand for data is growing, processing of personal data increasingly requires compliance with more stringent, multi-jurisdiction, and sometimes overlapping laws and regulations. Standardizing interpretation and enforcement are essential among the 27 EU states and their neighbors to ensure that AI technology can continue to evolve while protecting personal data. The European General Data Protection Regulation (GDPR) is the strictest data protection regulation out there right now, and to say it can be difficult to interpret would be an understatement.
The essence of GDPR is that personal information has to be used in a way that protects the privacy of the person/data subject and keeps that person fully informed of how their data is to be used both now and in the future (if at all). Each person has the righ to decide how his or her personal data is utilized, including the ability to not have their data used at all.
In summary, GDPR requires:
- Full control of personal data, and to be clear about what the data is going to be used for. At the moment of data collection, the company must explain clearly this use of personal data to the subject, so the person can make an informed choice on whether or not to consent to the data collection.
- A limit on the amount of data collection to the minimum necessary for achieving the goal for which the data is going to be collected and processed.
- Data subjects to be informed on who is the data controller, how to contact the data controller, the legal basis for processing the data, what categories of personal data are going to be processed. The data subject’s rights also must be made explicitely clear in plain language (non-technical, no jargon) .
- The company to document how the data protection requirements are met.
GDPR compliance requires expert legal advice in the area, or outsourcing the data collection and annotation to companies, such as Sigma, that is GDPR compliant and has specialized personnel to undertake personal data projects.
A company that is GDPR compliant is also well positioned to be compliant with the California Consumer Privacy Act (CCPA).
