- Table of Contents
- What is GDPR?
- How does this impact us directly?
- What about my rights?
- Who does GDPR affect?
- What happens if I am not GDPR compliant?
- What’s a data protection officer?
- What happens to the kids?
What is GDPR?
The world of the internet is constantly growing and expanding. More and more of our day-to-day tasks are done in the online environment.
Most of the time we do not even realize the impact this has on us and on the information we keep sharing for various purposes.
Hence the General Data Protection Regulation (GDPR): as its name already states, it is a new regulation introduced by the EU in order to better protect your, and why not, my private data within the online world.
All the companies that collect data of European citizens need to be compliant by May 25th.
How does this impact us directly?
First of all, the most obvious impact it will likely have on us is that we will question more: the data we share, the amount of information we give away, the way it is processed, what it is used for and so on. Also, the moment it becomes clearer and more straightforward that we do share our private data, we will become more selective about it.
What about my rights?
As expected, GDPR comes offering users a bunch of new rights that make the whole process of data selection and usage more transparent. Some of these rights are:
- The right to access – this means that from now on you will have the chance to access the data that is being collected from you and also ask about its purpose. The company you ask has to provide you with a copy of all your collected data, even in an electronic format, if desired.
- The right to data portability – this means that from now on you can transfer your data from one service provider to another.
- The right to be forgotten – this is also an essential one, since it caused quite a few headaches in the past. From now on, the moment you are no longer a user or a subscriber of certain services or sites, you can request that all your data be deleted, and they are obliged to do so without any delay.
- The right to be informed – this means that from now on all companies are obliged to let you know, straightforwardly, what data they intend to collect and when, and you have to give your consent in order for this to happen.
- The right to correct information – in case some of your private data is no longer accurate, you have the right to update it, and the companies are obliged to do so without any delay.
- The right to object – this one is also pretty handy at times. It gives us the chance to object to the usage of our data for direct marketing purposes.
- The right to restrict processing – this means that although you agree to your data being collected, this does not imply that you have to agree to it being processed.
- The right to be notified – this means that whenever a data breach happens, you have the right to be aware of it, within 72 hours of its occurrence.
Who does GDPR affect?
First of all, don’t make the mistake of assuming that just because your company is outside of the EU you don’t have to be GDPR compliant. If you do process data of EU citizens, you have to be compliant, regardless of where your headquarters are.
What happens if I am not GDPR compliant?
As expected, if you are still non-compliant with the new regulation after the 25th of May, there will be fines. And not small ones. Breaching GDPR can mean 4% of the annual turnover, or 20 million.
So think twice before you consider not investing in this. Also, consider that if such a breach happens, you entirely lose the trust of your customers.
What’s a data protection officer?
This new regulation also brings a new position into existence, that of a data protection officer. And this is not just some fancy name you might or might not have; this is a mandatory role that you have to have within your company starting with the 25th of May. What does this person do? They have some of the following responsibilities:
- Makes sure your company and employees are aware of the requirements
- Trains your staff regarding this matter
- Conducts audits to constantly make sure you are compliant
- Maintains records of data processing activities
What happens to the kids?
In the case of users under 16, parental consent will be required in order to have the right to process their data.
All in all, these are some of the new rules that the regulation brings into the picture. Not much of a headache; however, it's best to stay informed and aware of what is happening and how it affects us or our company.
You have to consider more carefully the rights users have, the rights you as a user have, the rights underage children have, how to secure privacy on a mobile device, and many other aspects.
I hope this article shed some light on what changes the GDPR brings and that you are now a little more aware.
Should you have anything further to add or any worries and concerns, don’t hesitate to leave a comment.