If you’ve just checked your email today, you might be surprised by emails from every business you have interacted with online, informing you about a policy change they implemented. The emails were sent out in compliance with Europe’s General Data Protection Regulation (GDPR). The regulation, seven years in the making, came into effect last May 25. But what is GDPR and how will it affect you, the user?
What is GDPR?
Technology advances more quickly than our laws, and abrupt changes in technology come with a need for protection, especially for users. As we use the Internet on a daily basis, we unconsciously expose some of our private and sensitive data. VPNs like Outbyte VPN, NordVPN, or ExpressVPN can help secure data, but without any regulation or law to protect users, the daily risk of identity theft and fraud is high.
The European Union (EU) already had the Data Protection Act of 1998, but since it was outdated, the GDPR was introduced. For the member countries of the EU and their citizens, this is good news. However, for online businesses and companies, the GDPR will affect the way they collect, store, and use data. If they fail to comply with the regulation, they can be fined up to 20 million euros or at least four percent of their global revenue, on average.
What Does GDPR Mean for an Average Internet User?
The new regulation will give EU citizens more control over how they share their personal data, for both protection and privacy. They will now have access to the data stored by companies and know where it will be used. This law will also keep companies from collecting information about irrelevant details, such as your ethnicity, race, political views, sexual orientation, and religious beliefs, unless you give consent. And even if you give out such information, you can conveniently erase it whenever you like.
Who is Affected by the Law?
Basically, any company that has customers from the member countries of the EU, even if it is not based in the EU, will be affected by the GDPR. Business verticals include travel agencies, banks, Amazon, Apple, Netflix, Google, Spotify, and even Facebook.
Since the regulation took effect, companies like Facebook and Microsoft have already agreed to comply.
7 Rights Emphasized in the GDPR
The GDPR aims to protect the online data of EU citizens, and the law puts emphasis on the following rights:
- User Consent – Companies cannot use the data of a consumer without his or her consent. Data should only be used for the purpose for which it was collected.
- Data Breach Notification – If a data breach occurs, notifications have to be sent within 72 hours after the incident.
- Right to Access Own Data – Users should have the right to access their personal data. They should also be able to ask for copies of it.
- Right to be Forgotten – Users must be able to permanently erase data whenever they want.
- Data Portability – Users should be able to transfer, share, or reuse their personal data. If they do that, the data have to be transferred or provided in a machine-readable format.
- Privacy by Design – Companies should secure and protect all data gathered. Their system should also be capable of supporting bulk data.
- Data Protection Officer – If a company has more than 250 employees, there should be a professional data officer who will work to ensure everything is done to protect data.
Again, the General Data Protection Regulation does not apply only to businesses in the EU. Other businesses and companies that market their goods and services to citizens of the EU must prepare to comply with this law. As long as businesses comply with all requirements, they should benefit from avoiding costly fines and, at the same time, improve customer trust and data privacy.