This is not “yet another” article spooking you with the eye-popping “Fines of up to 4% of revenue or 20 million Euros for failure to meet GDPR regulations.” There are plenty of webinars, self-styled GDPR analysts and experts who are drumming up fear of the looming GDPR May deadline. Granted, some may be motivated to educate, but the bulk are hoping to monetize the spend that goes into data classification, encryption, key management and the like. Which is fair if you are a business looking for a compelling event to monetize, but I believe we are selling ourselves short as a technology community. There is a higher moral ground that we need to strive for. That higher bar that I refer to is a different expansion of the GDPR acronym – Genuine Data Protection Renaissance.

Before you fall off your chair, let me explain. The main tenets of GDPR – data portability, breach notification, data protection by design and default, data/storage minimization, opt-in consent, right-to-erasure, appropriate technical measures, evidence of compliance – are an amazing codification of laws that every service provider and vendor on this planet – that may or may not be impacted by the regulatory framework itself – would do well to make an integral part of their DNA and offering – for their existence and their customers’ well-being. Sound like fiction? Let me explain.

1. Data portability

With the cost of storage plummeting, sensors everywhere and the need to understand your customer “deeply” – collection of data is becoming the norm (see #3 where I talk about this issue). But along with this collection, if there is a consequential & moral decision that all this data needs to be portable and can be handed over to me – the end customer – on demand, imagine “what a wonderful world it would be.”

2. Data protection by design and default

Again, every piece of data that is collected needs to be, by definition, secured. Period. That becomes the design criterion for every product, architecture and service. I can sleep soundly at night.

3. Data/storage minimization

I have heard this phrase at least a hundred times just in 2018 across vendors and service providers: “We collect data because we can, we will decide later what to do with it.” #Stop. Just because you can doesn’t mean you should. And this tenet codifies that. Stop instrumenting me all the time.

4. Opt-in consent

If I did not explicitly say “I do,” it means I said, “I do not.” Because by default I always say “No.” And that does not mean that you – Mr. Provider – paralyze me with a 60-page EULA to which I have no option but to say “I do” without knowing what I am saying yes to. There is a better way. Let me know what data you are collecting, why, and how I can revoke that consent any time. #Easy

5. Right to erasure

The digital exhaust that I leave behind continually is something that I am blissfully unaware of, so if you can provide me with an “easy” button that I can hit any time and all my bits are erased for eternity, I will breathe a lot easier and trust you a whole lot more.

6. Appropriate technical measures

This is all you. Not just adhering to a regulatory framework but going above and beyond a “box-check.” Now that is truly raising the bar. Appropriate technical and ethical measures. #Wow

7. Evidence of compliance

If you did all the above, then this is a piece of cake. Log everything, provide a forensic trail. But there is a catch. Frequently, this is an escape hatch. It is so much less arduous if you just did enough to show that you did a ‘best effort’ so even if a data breach happens we do not get fined. That is subversive, escapist and downright immoral. And organizations that turn this attitude on its head and truly make this a no-brainer because they did #1–#6 right will eventually win.

So, there you have it. A genuine renaissance for data protection. Not just for the EU but for humanity.