If your inbox is swamped with emails from various websites wanting to “stay in touch” and updating you about the changes, you are probably aware that today, on Friday May 25th, a new European law, the General Data Protection Regulation (GDPR), comes into effect. This massive piece of legislation runs to over 250 pages; if you are interested in reading it, you should talk about it with fellow data nerds or marketing professionals in order to better comprehend its meaning and some key terms. GDPR is not only related to emails; it affects every industry, business and publishing.
What is GDPR exactly?
The General Data Protection Regulation is a new, EU-wide law that gives greater power to penalise companies that mishandle personal data or are not transparent about how their business uses it. For consumers, it brings new powers that require firms to obtain clear consent from users before processing their data, and it grants users the right to easily access the data collected from them, along with transparency on how it is being used.
Our new EU #DataProtection rules will enter into application on Friday! With a sharp eye, Belgian cartoonist Pierre Kroll illustrated the many challenges of protecting personal data online. Know your rights → https://t.co/E8MqO8FFl7 #GDPR pic.twitter.com/ZVCwFT4f8C
— European Commission (@EU_Commission) May 20, 2018
What are the key aspects of the GDPR?
The main idea is to increase the jurisdiction that GDPR gives regulators. Organizations will now follow the guidelines to handle and safeguard EU citizens’ personal data in a more efficient manner. All data breaches must be reported immediately, and no later than 72 hours after the breach is found. The definition of personal data is now extended to location, IP address, medical data and genetic information. Organizations are also required to perform Privacy Impact Assessments (PIAs) to ensure personal information is protected. Data processors and data controllers will have the responsibility of protecting personal information. All organizations in the energy, transportation, banking, and healthcare sectors will have to take “appropriate security measures” in the areas of malware detection, response and reporting.
What does this mean to business?
This will surely make a difference to business, but mostly for large technology and internet companies, which have already begun the process of making their data practices more transparent. Both Facebook and Twitter have been updating their privacy policies, adding clearer language and descriptions of data use, and offering more tools for users to share or remove their personal data from the platform, as is required by GDPR.
Will I be affected?
Simple answer: Yes. Whether you run a charity, have signed up to newsletters, or do your shopping online, the GDPR is likely to impact us all. The Act will give individuals easier access to the information that organisations hold about them: it will be free of charge and must be released within one month.