What is the General Data Protection Regulation (GDPR) To You?
Wondering what the GDPR is and how it affects you? Here’s a comprehensive explanation about what it is and what it does for data privacy in the EU and in the world.
If you’re reading this, then you’re aware of the General Data Protection Regulation, which came into effect on 25th May 2018. That being said, you might not be aware of what the regulation means for your privacy and how it will affect the practices of major tech companies and small startups alike.
In this article, we’ll cover what the GDPR is, how it affects you, and how it has been changing the practices of companies that hold user data.
What is GDPR?
The General Data Protection Regulation (GDPR) was passed by the European Parliament last year following public outcry over various scandals – most notably the Cambridge Analytica scandal involving Facebook. The breach of trust incurred during these scandals led governments around the world to seriously consider the power of major tech companies and the access that they have to user data.
This fed into four years of debate and work on a new set of regulations to protect individual privacy and data rights. The result of this was the GDPR.
The GDPR works as a replacement for the 1995 Data Protection Directive and aims to strengthen data protection and individual privacy by giving individuals the power to demand that companies inform them of the data they hold, as well as delete it if necessary.
You might remember when the regulation was passed last year and your email inbox was suddenly filled up with desperate pleas from companies asking you to “click here so that we can stay in touch.” This is because the regulation also meant that companies could no longer keep your email address without your permission.
Who does GDPR affect?
The GDPR affects all EU citizens and all companies in the EU, as well as all those that do business or serve users in the EU. Not only this, but many companies have extended the same rights to their users outside of the EU as well, in anticipation of other countries passing similar laws. This has also helped those companies to gather public admiration for their efforts in extending privacy.
Of course, the companies most affected by the changes are those that rely on user data – for example, tech companies like Facebook and Google, and also marketing companies.
Facebook updated their privacy terms in preparation for the GDPR. They allowed all their users to opt out of facial recognition technology and they encouraged users to access their information on the site and delete it at will. They also allow you to see the information about you that determines how ads target you and which companies are showing you ads.
How is GDPR enforced?
Whereas data protection laws were previously left for each individual country to enforce, with the GDPR the EU can act in unison to uphold these rights. Companies that breach the GDPR can face fines of up to 20 million euros or the equivalent of 4% of their total global revenue, whichever of the two is greater.
This is the first time in the EU that there have been serious consequences for companies that misuse user data. With this new set of sharp teeth, we’ll see far fewer companies abusing our privacy.
In the long run, this will result in companies being a lot more cautious when using their user data for new ventures. While some companies will likely try to cheat the system, over time we’ll see the ball in the court of the individual users… and potentially a lot of companies in a different kind of court.
What are some of the regulations of the GDPR?
So you’re aware of what the GDPR is and who is covered by it. You’re also aware that it has some teeth to bite any company that doesn’t abide by it. But what exactly are the regulations within it? What are the new rules that set the minimum standard of data protection and privacy across the EU?
MORE USER CONTROL OF DATA: Individuals can now request that companies delete their personal data and they can transfer their data across service providers more smoothly.
DATA PROTECTION: The GDPR also requires that companies implement effective measures to ensure that user data is protected from being lost or stolen. It even requires that companies that hold users’ personal and genetic data appoint a data protection officer to advise the company about how best to follow the new rules.
OUTSIDE EU: Companies outside of the EU that possess the data of users within the EU must also follow the same regulations. They are also subject to the same penalties if they breach these laws.
Will the UK follow the GDPR after Brexit?
The UK has been working on its own data protection laws that are similar to the GDPR and the country has confirmed that it will accept the GDPR as the minimum standard of data protection. In short, the UK will follow the GDPR – of course, any company in Britain that serves EU citizens (most companies) will have to follow these rules anyway.
Will the world follow the example of the GDPR?
Now that international companies dealing with EU citizens are required to follow the same regulations, many of them are simply applying them to all of their users to make things easier. This is a trend that will likely lead to more countries embracing similar privacy and data protection laws.
In the US, there has been much debate surrounding this issue and public opinion is increasingly shifting to demand that more measures are implemented. Currently, there is no federal legislation that protects user data in the US, although there are some state-level regulations, for example, the California Consumer Privacy Act.
As the world moves ever more into a tech-based future, the necessity for increased data protection is becoming paramount. Privacy is increasingly being viewed as a fundamental human right and this will have massive implications for the behavior of major and minor companies that handle copious amounts of user data.