The General Data Protection Regulation (GDPR) is a legal text of roughly 50,000 words. Most people will never read it end to end, but that is no reason to stay in the dark about what it does.
Everyone who uses the internet should know that GDPR is a European Union data protection regulation. It sets rules for how organizations must handle personal data collected from people in the EU. In many ways, this regulation changes how online businesses carry out their everyday operations.
At the most basic level, GDPR is about internet users’ fundamental rights.
Any company that offers products or services to people in the EU, or monitors their behaviour, must comply with GDPR, wherever that company is based. Because of this, people around the world will be affected by GDPR, and you are likely to be one of them. Here is what you need to know about the regulation and what you can expect following its implementation:
When was the last time you read an entire consent form on the internet? If you are like a lot of internet users, the answer may be "never." Historically, consent pages have been long forms full of legalese. For many people, this information is hard, or impossible, to comprehend.
Under GDPR, consent must be strengthened and simplified. A request for consent must be presented in an intelligible and easily accessible form, in clear and plain language, and it must be clearly distinguishable from other matters such as the rest of the terms and conditions. Pre-ticked boxes and silence do not count as consent; it has to be a clear affirmative action.
Every user should instantly understand the type of form they are looking at and what they agree to when they give consent. Another essential element of the regulation is that consent must be as easy to withdraw as it is to give.
Companies that sell to European consumers will also face a deadline for breach notifications. When a company becomes aware of a personal data breach that is likely to put the rights and freedoms of individuals at risk, it must notify the relevant supervisory authority within 72 hours where feasible, and explain any delay beyond that. When the breach is likely to result in a high risk to individuals, the company must also inform the affected people themselves without undue delay.
In practice, this rule will change how online security breaches, hacks and digital thefts are handled: the clock starts as soon as the breach is discovered, which puts a premium on detection and on having an incident response process ready before anything goes wrong.
Right to Access
Increased transparency is another large part of GDPR.
In the past, many companies have processed data without customers' knowledge. When customers asked about it, businesses were not always required to be forthcoming about what data they were collecting, how they were gathering it and what it was being used for.
Now, companies must confirm on request whether they are processing your personal data and, if so, provide a copy of it along with the purposes of the processing, who it is shared with and how long it will be kept. This must be free of charge (unless requests are manifestly excessive) and, where the request is made electronically, provided in a commonly used electronic form. If you ever want to know how much an online company that does business in Europe knows about you and what it does with the information, all you need to do is ask.
Right to Be Forgotten
Companies can store customer data long after those customers stop doing business with them. Often, even when a customer requests that their data be deleted, the company decides whether or not to hold onto the information.
With the Right to Be Forgotten, formally called the right to erasure, individuals can demand that a company erase their personal data when it is no longer needed for the purpose it was collected for, when they withdraw consent, or when it has been processed unlawfully. Any information that is no longer relevant or serving a purpose can be deleted at the customer's request, subject to a few exceptions such as legal obligations to retain records.
Another benefit individuals receive under GDPR is the right to data portability. When you want to use your personal information across different services, companies under GDPR must provide the data you gave them in a structured, commonly used, machine-readable format so that you can move, copy or transfer it easily, and where technically feasible transmit it directly to another provider.
Privacy By Design
Privacy by Design is not new; the concept has existed for years. What is new is that it is now a legal requirement under GDPR, as data protection by design and by default.
This rule insists that data protection be built into every facet of operations. From the design of systems to changes in organizational structure, protecting data must be considered from the start rather than bolted on afterwards, and by default only the personal data necessary for each specific purpose should be processed.
Data Protection Officers
Many internet companies currently have to notify their data processing activities to local Data Protection Authorities (DPAs). For companies that operate in more than one country, this is a nightmare, as they have to deal with several bureaucratic agencies, all with different rules.
Under GDPR, that notification requirement goes away. Instead, organizations must keep internal records of their processing activities, and some must appoint a Data Protection Officer (DPO). A DPO is mandatory for public authorities and for organizations whose core activities involve regular and systematic monitoring of individuals on a large scale, or large-scale processing of special categories of data such as health or biometric data. The DPO oversees the organization's compliance and acts as the contact point for supervisory authorities and for individuals.
Increased Territorial Scope
GDPR applies to the personal data of people in the European Union, regardless of where the company processing it is located. Every business that offers products or services to people in the EU, or monitors their behaviour, will have to process and control personal data in a way that complies with GDPR.
There is a fairly popular view that many individuals in the US will benefit indirectly from these new regulations. Some businesses will build country-specific systems, but others will not. The companies that do not differentiate between countries will offer the same data protection, retention, correction and deletion options to all of their customers.
Organizations that breach GDPR can be fined up to four percent of their annual global turnover or 20 million euros, whichever is higher. This top tier is reserved for the most serious infringements, such as violating the basic principles of processing, ignoring individuals' rights or unlawfully transferring data outside the EU, and it shows how seriously the regulation takes the protection of individuals' data.
A second, lower tier applies to other obligations, including failing to keep proper records, neglecting to appoint a DPO when one is required, or failing to report a breach within 72 hours of discovering it. Infringements in this tier can be fined up to two percent of annual global turnover or 10 million euros, whichever is higher.
Something Similar In the US?
Senator Markey recently spoke about the importance of rules and regulations that can protect Americans. He called for a Privacy Bill of Rights to be passed by Congress that would help US citizens understand when information is being collected about them, what information is gathered and what it is being used for. He has also called for a way for Americans to say no to having their data collected by various organizations.
As you might imagine, a few described these proposals with words like "ridiculous" and "burdensome." That said, others agreed with Senator Markey and believe that a Privacy Bill of Rights would be a huge step in the right direction for the US.
Only time will tell whether the US will create a regulation similar to Europe's. In the meantime, many Americans will start to benefit from Europe's change and might begin to demand that something similar takes place in their home country.
On May 25, 2018, the European Union's GDPR takes effect. You might have noticed that companies like Google, Facebook and Twitter are emailing you, asking you to agree to their updated policies regarding data protection.
When you sign up to do business with a company, you are typically asked to agree to its terms and conditions. Once you agree, many companies can actively track your online activities, even when you are not on their website.
The company collecting the data is generally also able to pass the information it collects about you to third parties. These external groups then use the information to influence your behaviour and show you targeted advertisements.
Currently, few companies are required to tell consumers what they are collecting, why and who they are sharing it with. Once GDPR takes effect on the 25th of this month, people in Europe will be given consent forms that are much easier to read and understand. They will also have the option to request the data that is being collected about them and to ask that it be deleted.
Although GDPR technically protects only people in Europe, it is likely that many around the world will benefit from its existence. It is also entirely possible that people elsewhere will soon look at GDPR's benefits and question why their country does not have a similar regulation.
For now, if you deal with a company that is operating under the new GDPR rules, you can expect that your name, home address, IP address, cookie identifiers, health data, genetic data, biometric data, race, political opinions and sexual orientation will all be treated as personal data, and several of them (health, genetic, biometric and other sensitive data) as special categories that can only be processed under stricter conditions.
As far as sectors go, more than half of technology companies will be impacted by these new regulations. Less than half of all retail, software, financial, and online services businesses will be impacted.
To find out whether a company you are working with falls under the new regulation, simply reach out to it directly after May 25 and ask whether it is GDPR compliant.
It should not be difficult to find the right person, often the company's DPO or privacy contact, who can tell you about the company's status.
It is also a smart idea to get in touch with other companies you frequently do business with and ask what they are currently doing to protect your information. If the answer does not seem adequate, you may ask them to delete your personal data, or to correct or anonymize it so that it is no longer personally identifying.