What is GDPR?
In 2016, the European Parliament passed sweeping legislation to provide citizens with a greater level of control over their personal data and to require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Companies and organizations were given two years to get into compliance with the new regulations or face heavy fines. May 25, 2018 is the date that GDPR goes into effect.
What are the new regulations?
There are several main changes that companies must now follow. If they are not in compliance, they will be fined 4% of annual global turnover or €20 million (whichever is greater).
- Breach Notification: Companies must notify users within 72 hours of a data breach.
- Right to Access: Everyone has a right to their own information. If requested, personal data must be turned over, free of charge, in an electronic format.
- Right to be Forgotten: If there is information about you online that is harming you, then you can request to have it removed. Companies will have to take into account the public interest in the information.
- Data Portability: Companies need to provide your personal information to you in a commonly used and machine-readable format that can be transferred to another service.
- Privacy by Design: When designing services (e.g., websites, apps), businesses must consider how to keep user information protected. It should be built into the design, not an afterthought.
Who does this affect?
Due to the Right to Access provision in GDPR, you can now request a copy of all the data a company has collected about you. Sometimes this has to be done in writing, while other companies are starting to roll out instant downloads.
What privacy regulations do we have here?