Given everything that is going on in the world, you may not have been prioritizing the news on the EU’s upcoming General Data Protection Regulation (GDPR). The new EU regulation dramatically strengthens your right – and ability – to control your personal information and privacy.
You may not feel personally affected by the fact that organizations that collect and process personal information of EU citizens must change the way they manage that data by 25 May, 2018.
But if numerous polls are any indication, odds are high that you actually do (or will) care about GDPR and its impact on your personal and professional life.
Consumers Want Control
A GSMA study revealed that 9 out of 10 smartphone users are concerned about mobile apps collecting their data without their consent. They want to know when smartphone data is being shared with a third party.
A 2015 Eurobarometer survey found that: 81 percent of people feel they don’t have complete control over their personal data; 89 percent believe they should have the same rights and protections over their personal information regardless of the country in which the organization offering the service is headquartered; and 69 percent believe that collecting their data should require their explicit approval.
The study discovered that many consumers mistrust companies that collect their information online, and their trust erodes even further if the companies are unfamiliar or located outside of their jurisdiction.
It was to address these – and other – privacy concerns that the GDPR was created. Basically, the regulation aims to simplify, unify, update and strengthen the protection of your personal data.
Although the Data Protection Directive of 1995 contains some of the same protections, the directive was designed before the internet was what it is today. And because it was a directive, EU member states could implement it as they saw fit.
The GDPR, on the other hand, must be followed, and it applies to any company that collects and processes the data of EU residents, regardless of where the company is based.
5 Ways the GDPR Will Benefit You
So what are the specific benefits of this “general” regulation? Here are some reasons you should care about GDPR.
1. Increased security for your data.
With cybercrime on the rise, GDPR requires data processors and collectors to be more vigilant about safeguarding personal data against loss, theft and unauthorized access. The need to take proper security measures has long been part of privacy legislation, but what’s new is the GDPR’s stress on “pseudonymization” (disguising any connection to you) and encryption of the information.
Also new is the GDPR’s mandatory data breach notification rule.
If a data breach occurs, it must be reported to the supervisory authority within 72 hours. And if the breach is likely to pose a high privacy risk for individuals, they must also be informed. (Previously, some companies waited months – or years – to report that a database had been compromised.)
2. Most organizations will need your consent to process and share your data.
With the exception (in certain circumstances) of law enforcement and national security agencies, organizations now need your explicit consent before processing your data. Say goodbye to dictionary-length terms and conditions forms written in dense “legalese” – the ones that require you to check a box marked “I agree” before you can access the site.
Now, companies will have to supply consent mechanisms that are plainly worded and transparent. This means that you must proactively say yes before you are subscribed to, for instance, an online newsletter.
3. The right to rectify mistakes.
Under the GDPR, you are entitled to have your personal information corrected if it’s inaccurate or incomplete.
This could be vital if, for example, a financial institution input the wrong information concerning your credit history. Also, if an organization shares inaccurate or incomplete information with third parties, it must inform these parties about the rectification (whenever possible). It must also inform you about the organizations with which it shared the data.
4. The right to erasure.
Also known as the “right to be forgotten,” this allows you to request that your personal data be removed when you withdraw your consent. The right can be exercised in a number of situations. Some common ones include: if the data was unlawfully obtained; if you object that there’s no legitimate interest for the continued processing of the data; and if the personal data is no longer necessary to achieve its original purpose.
In a landmark 2014 ruling by the EU Court of Justice, Google Spain was ordered to delete “inadequate, irrelevant or no longer relevant” data when a member of the public requests it. The case began when a Spanish man failed to make the company delete search engine results linking his name to a 16-year-old auction notice of his repossessed home.
5. Smart companies will champion privacy rights to win your business.
A less-talked-about benefit of the GDPR is that it will encourage companies to focus on customer satisfaction. To win your business and loyalty, some firms will ‘bend over backward’ to provide clear and transparent privacy notices, protect your rights, and reduce (or eliminate) nuisance forms of marketing such as unsolicited phone calls and spam emails. In turn, this will pressure other companies to follow suit.
Note: despite Britain’s plans to withdraw from the EU, Prime Minister Theresa May recently announced that as part of the “Brexit” process, existing EU laws in the U.K. would be converted into full U.K. laws. In other words, the GDPR will become the law in the U.K.