Fingers typing on a laptop with notepad, pen and mug in the background
View all research highlights

Making sense of data legislation

Digital Future societies and communities
Published: 8 February 2022

The General Data Protection Regulation (GDPR) came into force in May 2018. It changed the way we use data in the UK and EU. Data controllers and processors can be fined for breaches and non-compliance.

Understanding the legal implications

IT law and data governance researcher, Professor Dr Sophie Stalla-Bourdillon at Southampton, examines what this means for businesses and individuals. 

鈥淚鈥檓 trying to see to what extent GDPR changes practice, and whether it meets the needs of individuals 鈥 or 鈥榙ata subjects鈥 鈥 and people working with data. I鈥檓 also working to understand new opportunities or to what extent GDPR imposes more constraints on the way we deal with data.鈥

Personal data must be processed for a specific reason, lawfully and transparently. It must be used with consent of the data subject and must not be held for longer than needed.

This change is better for individuals because we now have:

  • the choice to 鈥榦pt in鈥, rather than 鈥榦pt out鈥 of company privacy policies
  • the right to have our information removed from company records

The implications for organisations is that they need to make sure governance structures are in place to comply with the legislation.

Creating opportunities with anonymisation

Working with data using techniques like anonymisation or pseudonymisation can also present valuable opportunities. Anonymisation removes information that can identify an individual person in a data set and pseudonymisation replaces it. 

Sophie is studying how these approaches can be used:

鈥淚鈥檓 trying to understand what anonymisation is - when you can speak about anonymised data and when you can鈥檛 - and what the implication of this spectrum of personal, pseudonymised and anonymised data is.鈥

Sophie鈥檚 work will help companies understand when they are dealing with personal data, and when they are outside of the scope of the GDPR.

Sophie again:

鈥淲e want to gather data sets from data providers, and then offer start-ups and innovators the option to use these data sets to innovate, and come up with solutions to specific challenges we're facing.鈥

Connecting organisations working with data

Southampton is also leading 鈥 an international innovation programme working to connect organisations with subject matter experts and start-ups working with data.

The Data Pitch team are investigating how data can be used to solve problems across different industries including:

  • sport and recreation
  • retail supply chains
  • tourism
  • lifelong learning
  • transport

Sophie says:

鈥淚鈥檓 working on Data Pitch to understand to what extent data protection creates barriers to open innovation, and the interplay between the two."

Related publications

Sophie Stalla-Bourdillon, Gefion Thuermer, Johanna Walker, Laura Carmichael & Elena Simperl, 2020, Data & Policy, 2
DOI:
Type: article
Sophie Stalla-Bourdillon & Alison, Mary Knight, 2019
DOI:
Type: bookChapter
Sophie Stalla-Bourdillon, Gefion Thuermer, Johanna, Catherine Walker & Laura Carmichael, 2019
DOI:
Type: conference

Related institutes, centres and groups

Law and Technology Centre

The Law and Technology Centre brings together leading scholars with shared research interests in the intersection of law and technology drawing on the long-standing reputation of Southampton Law School as a vibrant hub in this field.