GDPR

Adatvédelem mindenkinek / Data protection for everyone

Achilles and Data Protection

2018. január 28. 23:00 - poklaszlo

or what does Zéno’s paradox tell us about GDPR compliance?

Each year, on January 28, the Data Protection Day is celebrated. Why on January 28? The reason is that the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was opened for ratification on that day in 1981. In 2018, data protection is a particularly important topic, since the EU’s general data protection regulation (GDPR) will become applicable from May 25.

The 2-year preparation period for applying GDPR comes to its last, perhaps most intensive stage. For now, many data controllers and data processors have acknowledged that they need to take steps to comply with the new data protection regime. In the preparation process, we can often have the feeling that Zeno’s famous paradox of Achilles and the tortoise is very true in the field of data protection:

Achilles competes with a tortoise. The famous runner allows the tortoise a head start. After the start of the race, the quicker runner reaches the point where the slower started, meanwhile the slower runner has also advanced. However, when the faster runner reaches this new point, the tortoise is a little further forward again. Apparently, Achilles can never overtake the tortoise. 

As recounted by Aristotle: “In a race, the quickest runner can never overtake the slowest, since the pursuer must first reach the point whence the pursued started, so that the slower must always hold a lead.” (In Physics VI:9, 239b15, source: Wikipedia, Zeno's Paradoxes)

Why does this come to mind when pursuing GDPR compliance? Perhaps because, in the process of data protection compliance, it is almost impossible to have a moment when we can say: "We are fully prepared, there is not anything else to do." Rather, data controllers (and processors) need to constantly make efforts to comply with data protection rules and changing practices.

In the context of GDPR compliance, it is worth noting that it is not a task to be accomplished once, but a change of approach that needs to be continuously part of the regular, day-to-day operation of data controllers and processors.

If this is the case, perhaps a minimum distance can also be reached from the need to comply with applicable rules in data processing: in physics that minimum distance is known as the Planck length, that is, the shortest meaningful length! (By the way, the Planck length is 10-33 centimeters.)