Ok so GDPR is a regulation.
Regulations don’t actually do anything.
Why the question?
With many well-documented hacks occurring recently I’m seeing many comments claiming … if GDPR had been implemented then the data wouldn’t have been exposed.
To me that’s utter diatribe as a regulation is not a protection against anything.
From someone who doesn’t reside or do business where GDPR legally applies what does it actually DO to protect my data from being accessible when the business system is hacked?
It does not protect your data, it only allows people and governments to sue corporations who abuse it. There have been some good moves overall when it comes to privacy because of the GDPR, for example the rulings against Google Analytics and Google Fonts. However, the theory behind the commentators’ statements is that if GDPR was universal, companies would be incentivized to collect less data in the first place, and therefore there would be less data to leak. This may be true in some cases, and it may not be; we know that companies aren’t exactly the greatest rule-followers.
tl;dr: You need encryption to personally protect yourself, you need regulation to see broader societal change.
As I figured and thanks
My Observation FWIW
The majority of successful cyber-attacks start with a failure to identify a fake email or SMS and responding to the fake links, the end result being the sharing of login information or passwords, or a careless document download.
It only takes one compromised link in the chain to breach the chain and allow an unauthorised money transfer or access to sensitive documents.
Whether it is teenagers looking for an open door or sophisticated foreign criminals, the majority of breaches have one critical aspect: HUMAN ERROR.
In essence technology or regulation alone cannot stop human error, as people make assumptions regarding SMS and email communications all too often.
Regulation, software and insurance aren’t a silver bullet.