If you’ve been wondering what the heck the GDPR is, here’s your answer!
The European Union has released a new set of guidelines to help protect people’s data, called the General Data Protection Program, or GDPR. Right now, the 1998 Data Protection Act is what the UK uses, but seeing that we’re two decades past the law’s inception, and noting the leapfrogging developments in the internet sector, things obviously have to change.
In common parlance, the GDPR is a single act that will help keep your privacy and data safer, as well as increase the penalties for those who violate the regulation. Another point to be noted is the new uniformity of data protection regulations throughout the European Union, which in turn will help ensure they are being enforced.
Why The EU Came Up With The GDPR:
There are two major reasons as to why the EU spent four years trying to formulate this stuff. The first is to try and provide businesses with a concise and uncomplicated legal area where they can work. This common regulation will both make their lives easier, as well as ultimately save them money.
The second is about trying to help people reclaim their digital rights. In a world where the internet isn’t private or one where your personal information and files are no longer safe, the GDPR should be able to shine a light on any misdemeanour.
When The GDPR Comes Into Play:
The GDPR will be applicable all over the EU from the 25th of May, 2018. The regulation itself came into existence in May 2016, but a two-year gap was provided before it applies to businesses and organizations.
There are two parties that the GDPR applies to, a controller, and a processor. The former is someone who defines the whys and hows of the processing of personal data, while the latter deals with the actual data processing part. For example, a controller could be a social media site like Facebook, while the processor could be one of the firms they hire for data processing.
The GDPR applies to anyone who uses data from EU citizens, including companies which are based abroad. This helps maintain transparency and accountability. If a party is found in violation of the GDPR, they can even be prosecuted under it.
Changes In Collecting and Using User Information After GDPR:
Thanks to this legislation, data should be deleted once the reason for the data being collected is done with. A controller needs to apply for data to be collected and needs a reason to do so legally. The reason could be simple consent from the data owner, the need to meet legal contracts or obligations, the protection of your subject’s life-altering interests, or the public interest.
Further, even if you are granted approval, your users need to actively give their consent for you to use their information.
Personal data can be anything from a phone number to pictures. It also applies to something like a web address. Any data that is economically, socially, or mentally informative falls under the category, and this might apply even when it is collected under another name. There should be records of when and the manner in which the individuals gave their consent, and this consent may be withdrawn at any time they wish.
Further, the people from whom the data has been collected have all the rights to demand access whenever they want, and the controller should respond as soon as possible, usually within thirty days.
Thus, you can know what a company knows about you, and what it’s being used for, simply by asking. Changes can also be made if the data has mistakes or is incomplete. The information itself must be stored in a common format such as Excel sheets or a CSV so that the data can be moved from one organization to another on request, and this again should be done in a month.
If you want your data to be moved or deleted, you have all rights to do so, especially if it is no longer necessary for the purpose it was collected. You can also withdraw your consent anytime, and get your data deleted if you, for instance, have objections to the way it is processed. This is called the right to be forgotten.
Ramifications of the GDPR:
Once the regulation is enforced, you will be held accountable under its clauses and might have to pay fines of either ten million euros or 2 percent of your company’s net turnover (the greater sum). For more severe violations, you’d have to pay up to twenty million euros, or 4 percent of your company’s net turnover, again, the larger value.
This will also affect your customer base, as well as trustworthiness, which may lead to losses, both financial and customer-wise. Thus, ensure that you avoid violating the act. The best way to do this is to launch an audit to figure out what kind of data you have, whether it fits with the types defined by the regulation, and if you have your users’ consent to hold it. If you don’t, get rid of it, or get consent for it.
If you are a customer, the GDPR is a set of measures that will lend greater security to your data, and reduce the probability of your data being misused. It will also provide increased transparency and accountability.
If you are a business, while the regulations may seem difficult to contend with, consider this as a method to gain your customer’s trust, as well as clean up the data you might have accumulated, especially some which you may not even use.
Remember, ultimately the act will save you money as well, so don’t think too harshly of it. The important thing is to start working as soon as possible, before the GDPR comes into play, so start today to ensure you won’t be caught violating it, intentionally or otherwise!