Unless you’ve been in hibernation for the last several months, you will no doubt have heard plenty about GDPR, the General Data Protection Regulation. Adopted in 2016 and enforceable since May 25th, 2018, the GDPR was created to make data protection simpler and more consistent within the EU. It replaces the patchwork of national implementations of the old Data Protection Directive with a single regulation that applies directly in every member state, and yes, that includes the UK! In simple terms, it was created to give everyday citizens back a degree of control over how their personal data is used by organizations, especially those with an online presence, which is virtually every organization these days. It ensures that individuals have a say over what information of theirs is collected, shared and used by those companies. But is it that simple? Sadly, it’s not. There’s plenty more to get your head around with regard to GDPR.
What is considered personal data?
First up, it’s important that we understand exactly what personal data actually is, or at least, what it is by law. Under the GDPR, personal data is any information relating to an identified or identifiable natural person, that is, anyone who can be identified, directly or indirectly, from that information. Obvious examples are names and email addresses, but identifiers such as IP addresses, cookie IDs, device identifiers and location data also count when they can be linked back to a person.
Who is it for?
GDPR applies first and foremost to organizations established in the EU. So, surely that means that all US companies are safe from GDPR, right? Well, no, not at all. If a US organization, or any other non-EU organization, offers goods or services to people located in the EU, or monitors their behaviour (for example by tracking visitors to its website), GDPR applies to its processing of those people’s personal data too, regardless of where the organization is based. As we are now more than one month post-GDPR, all organizations that fall within its scope should already have taken the necessary steps to ensure that their website and company are compliant with these new regulations.
What if companies are not compliant?
If you’re not yet compliant with GDPR, even though you know you should be, you are breaking the law and you will need to put this right ASAP. Do not think for one second that you can simply ignore it and hope that you won’t get caught, because the penalties are not pretty. For the most serious breaches, an organization can be fined up to 4% of its annual global turnover or up to 20 million euros (more than 23 million dollars for our overseas readers), whichever is higher. A lower tier, up to 2% of turnover or 10 million euros, applies to breaches of obligations such as record-keeping, security and breach notification.
How does GDPR benefit everyday citizens?
GDPR was established as a way of giving everyday individuals a degree of control back with regard to how their personal info is used. The main rights are:
- The right to be forgotten: Also called the right to erasure, this allows individuals to ask an organization to delete their personal data, for example when it is no longer needed for the purpose it was collected for or when they withdraw the consent it was collected under. An organization that has made the data public must also take reasonable steps to tell other controllers that copies and links should be erased.
- The right to object: This right allows individuals to object to the processing of their personal data, in particular processing carried out for direct marketing (which must then stop) or processing justified by the organization’s legitimate interests. Where processing relies on consent, individuals can also withdraw that consent at any time, and withdrawing must be as easy as giving it.
- The right to rectification: With this right, individuals can contact organizations and request that any inaccurate or incomplete personal data be corrected. The organization must then, by law, rectify the errors without undue delay, or again, it faces the risk of a penalty.
- The right to be informed: Finally, the last right we’ll look at here is the right to be informed. Organizations are legally obliged to tell individuals, in clear and plain language, who is collecting and processing their personal data, for what purpose, on what legal basis, who it will be shared with and for how long it will be kept, usually by way of a privacy notice.
When can personal data be processed?
There are, of course, plenty of instances in which personal data can, and will, be processed. GDPR requires that every processing activity rests on one of a fixed set of lawful bases. Consent is the best known, but it is only one of them: processing is also lawful when it is necessary to perform a contract with the individual, when the organization is legally obliged to do it (in which case GDPR still applies, but the legal obligation rather than consent is the basis), when it is needed to protect someone’s vital interests, when it is carried out in the public interest, or when it is necessary for the organization’s legitimate interests and those interests are not overridden by the rights of the individual.
GDPR still applies to the UK:
If you’re a UK resident, the word ‘Brexit’ will probably send a shudder down your spine. No doubt you’re sick to the back teeth of hearing about Brexit and how the UK is set to leave the EU, but it is coming whether you agree with it or not. Article 50 was triggered in March 2017, so the wheels for leaving the EU are in motion. However, the UK remains a full member of the EU until its withdrawal actually takes effect, and for as long as it is a member, GDPR applies in the United Kingdom exactly as it does elsewhere in the EU. On top of that, the UK has written the GDPR’s requirements into its own law through the Data Protection Act 2018, and any UK business that continues to serve customers in the EU after leaving will still fall within GDPR’s scope under the rules described above, so Brexit is no excuse for putting compliance off.
How are fines enforced?
Fines are imposed by the national supervisory authority of each member state (in the UK, the Information Commissioner’s Office), which can investigate complaints, audit organizations, order processing to stop and issue administrative fines. Because GDPR is so new, there is not yet much of a track record to show how large real-world fines will be, and hopefully the majority of companies to which GDPR applies will have ensured that they’re compliant. One thing that is for sure, however, is that fines and penalties WILL be enforced, so again, don’t take any chances.