If you have used the internet at least once a week over the past couple of years, chances are that you have already heard about the GDPR. However, you’re most likely still wondering what it actually means and what it does for you as a user. It stands for the General Data Protection Regulation, which was implemented in 2016. It affects:
- Residents of countries that are members of the European Union
- European Economic Area countries and their residents
- All companies outside the EU and EEA borders that collect data from users in the two areas mentioned above
So, if you are just a regular internet user outside the EU or EEA, you don’t really have to worry about these regulations. However, if you are involved in any sort of online business no matter where you are and where you registered your business, you should have at least some knowledge about the matter, as you don’t want to illegally process data from people protected by this law.
What Was Changed?
First of all, the way companies store and collect data from their users changed. This is a more complex subject, which is why we’ll leave it at this. Second of all, it is important to:
- Let the consumers know that their data is being tracked or collected
- Give them a reason why that is being done
- Delete all of the data on request from the user, in some cases
- Notify individuals about data breaches immediately, but also the authorities. Do so within 72 hours to avoid trouble
In short, make sure everyone knows whether you’re collecting and storing data or not. It is your job as an online business to keep that information as safe as possible. One of the most important things is hiring a DPO, or Data Protection Officer, if your company is engaged in processing or monitoring sensitive personal data. Not only will a person specialised in this job make your life a lot easier, but in some places you’re also obligated by law to hire one.
The committee actually started thinking about this change over six years ago, when the first meeting regarding this subject was held. Fast forward four years and we get the General Data Protection Regulation.
Depending on whether you are an owner of a business that operates online, or a standard internet user, the way you look at these changes is different. They are definitely in favour of the regular people who are just trying to make their lives a lot easier by paying bills online, surfing the internet and watching movies without having to look over their shoulders.
As of May 25th 2018, the GDPR is enforceable, and since governments didn’t need to make any changes to their laws and pass legislation requests, it became applicable the same day. All the major online companies that offer their products or services to people from all over the world are almost guaranteed to be GDPR compliant. In case data breaches occur, organisations will have to pay at least 20 million euros, or 4% of annual global turnover.