Has your inbox been overflowing with various companies asking you to read the latest terms and conditions? Know what the common denominator is in all of them? That’s right! All these companies are preparing for GDPR, the General Data Protection Regulation that will take effect on May 25, 2018.
Let’s break it down and see what we need to know about the new regulation put forward by the European Union for privacy and data security. The article answers the following questions:
- What is GDPR?
- How does it affect you?
- What do you need to do?
Quick video overview from Wall Street Journal for extra busy ones (busy=lazy).
What is GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law. Since the introduction of EU Data Protection Directive (Directive 95/46/EC) in 1995, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws set in 2016.
GDPR is designed to give you better control over your personal data.
The ultimate aim of the data protection laws is to govern the way the businesses collect, use, and share personal data about you. Moreover, they require businesses to treat an individual’s personal data lawfully, which means giving allowance to individuals to handle legal rights in respect of their personal data.
How does it affect you?
The General Data Protection Regulation is designed to give you better control over your personal data. So, it gives you more protection over your data usage than before. This means, if you share any kind of personal information with this or that service provider, you should have the right to access, correct or delete your personal data and be sure that as far as the company owns some private information of yours, the appropriate security protections are put in place to protect the personal data they process.
What do you need to do?
As an individual, you should be informed about your rights to fully possess the information that is being collected and used about you. When companies obtain or ask to obtain data from an individual, certain points must be made clear for the individual in a simple language that meets the standards of the GDPR, some of them are:
- What organization is going to process the data requested?
- What is the purpose of the data request and how it is going to be used?
- How long will the data be stored?
- How can an individual access, change or erase the data?
- How can an individual lodge a complaint in case of a data breach?
The companies should also be prepared that you may request a copy of your data and should present it to you in a clear, simple format. Individuals also have the “right to be forgotten”, which means GDPR makes it clear that people can have their data deleted at any time they want to.
Have couple of more minutes? Watch Tech Republic senior reporter Dan Patterson explaining more about the regulation.