Why GDPR will affect YOU
The General Data Protection Regulation (GDPR) is a new regulation by the European Union (EU) that affects all its citizens and everyone doing business in the EU. Media focus on this topic has mainly been on how it will affect the businesses that collect personal data, which is understandable as it will have humongous impact on how they interact with their customers. In this blog post I want to highlight the important underlying shift this will have on individual rights and how this impacts the citizens in the EU, meaning you and me.
First, let’s sum up the main frame of what GDPR is and what it means to you as an individual. The regulation affects everyone that collects personal data, hence everyone that data is being collected about. Personal data is by the European Commision defined as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.” Anyone handling these kinds of data will need to restructure their systems to include data protection by design. Sanctions can be imposed towards those not in compliance with the new regulations with fines up to 20000000 EUR or 4 % of the annual worldwide turnover of an enterprise. Furthermore, the regulation also applies to organizations based outside the European Union if they collect or process personal data of EU residents.
The main changes concerning individual rights are:
- Right to information, about what data is collected and how it is being processed.
- Right to consent, anyone collecting personal data must obtain specific consent from the individual, for any use of the data.
- Right to rectification, individuals have to right to require a rectification of any inaccuracies in personal data held about them.
- Right to be deleted, every person has the right to demand his/hers data deleted.
- Right of access to data, every person affected is entitled to a copy of processed data, which has to be handed over in a standardized and structured format.
The European commission explains the background of why GDPR is needed: “Rapid technological developments and globalization have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally.” With this statement they have identified that technology is making it easier to all kinds of businesses and organitsations to collect personal data, to process it and learn more about their users. (Also, they have identified one more important piece; we as consumers are giving up this data, which is a topic that will be elaborated further in another blog post.)
Set aside the practical implications, here are the lines in GDPR that marks a fundamental gamechanger for you, the individual:
“The protection of natural persons in relation to the processing of personal data is a fundamental right.” and ” Natural persons should have control of their own personal data. “
After seeing several newspapers, CEOs and bloggers in the debate around privacy proclaim that “privacy is dead” you get the feeling that there has been a battle and we have already lost it. To see that the EU is taking such a strong position in the discussions, and more important regulations around personal data tells us that the understanding sorrounding this issue is growing in the right direction. In Bolder, we are working to be a part of the drive towards a society that can have both the advantage of the amazing technology with its possibilities and still respect individual rights.
So maybe privacy isn’t dead after all.
Sources:
//ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
No Comments