There is plenty to cheer about for all privacy conscious individuals around Europe. The new EU privacy legislation, the General Data Protection Regulation, is here to make your life easier. It puts the control of your personal data back into your own hands.
The GDPR replaces the current Data Protection Directive, which is over 20 years old. It was time for a newer and a more updated law. Some of the current practices and technologies didn’t even exist back then, so regulating them was difficult.
Just think about what happened in these two decades: Social media, advertising, smartphones, wearable technologies, online shopping… the examples are many. These are the technologies we use daily, so we deserve some control, don’t we?
All I Heard Was How Bad It Was…
The GDPR can be bad, but only for business who employ shady practices with your data. It is a bit restrictive, but that’s a good thing for us individuals. It means nobody can do what they like with our personal data.
Some companies cry wolf because your data is their lifeblood – they profit off selling it to marketers and analysing your online habits. They fear they won’t be able to do it anymore, because they must ask for your permission first.
But it will be business as usual for honest companies. They will also enjoy simplified regulation and less administration – if they behave, that is.
Wait, Wait… My Permission?
Indeed. Under the GDPR, you have plenty of rights. Once you allow someone to use your data, it’s far from over. See, the data still belongs to you!
What does this mean? Anyone who wants to collect and use your data must ask for your consent first. They must give you a clear notice of what they plan to do with your data. It’s up to you whether you’ll allow it.
It means that you can ask for your data to be deleted whenever you want. This is the so-called ‘right to be forgotten’. You can also demand a copy of your data with a company.
If you are not satisfied with how your personal data is being treated, you can file a complaint with a local supervisory authority. This works even if the company is in another EU country. The authority will handle the rest.
Find out more about your rights here.
What About Hacks?
The GDPR is also a response to a growing number of data hacks and leaks. Companies lose personal data left and right. That’s simply not okay. The EU lawmakers think so, too.
That’s why the GDPR requires special treatment for sensitive data, such as medical records and bank account details. But ordinary personal data, like data found on your social media profiles, is also protected.
If companies plan on using your data for analysis or marketing, they must strip it off personal identifiers. This means the data cannot be linked to your real name anymore.
Companies are required to document all data they have, and store it securely. They must delete data they no longer objectively need. The equation is simple: the less data they have, the lower the risk for you in the event of a leak.
Want more details about hacks – or ‘data breaches’, as they’re called? Click here.
Nah, They’ll Just Ignore It
They won’t. Well, they could. But then they risk getting fined. And the fines are huge. Large companies can be fined based on their income, meaning hundreds of millions of Euros is at stake. The fines are so huge that it pays for them to play fair.
Read more about the potential fines here.
So, I Finally Have a Say
Yes, you do.
Your data is no longer at the mercy of huge multinationals who can use it in whichever way they like. You are free to take back control of your online life.
Now, let’s be realistic. The GDPR won’t solve all our privacy problems. But it’s a fantastic step forward that all privacy-minded individuals should welcome with open hands.