General Data Protection Regulation 101: Why We Should Care About It

Have you been getting more annoying emails than usual lately, mainly asking whether you want to stay on a mailing list you do not even remember joining? Sound familiar?

Say “hello” to GDPR, or what is described as the biggest shake-up of data protection laws in a generation. In a nutshell, it gives us—the ordinary people—unprecedented control over the vast information companies hold on us.

So, what is GDPR? And what does it mean for you? In this article, let us talk about data, your data in particular.

An Overview of GDPR

Remember all those emails from companies desperate for you to stay on their mailing list? Yes, that is not some weird PR strategy. It is all because of a massive change in worldwide data protection rules called the General Data Protection Regulation, or GDPR.

You might be wondering about the reasoning behind these new laws. Today, nearly every part of your life can be digitized, tracked, and logged. The same goes for every picture, every journey, every purchase online, and even every heartbeat. More and more of your personal information is collected, stored, and traded by companies and governments.

How the New GDPR Regulations Affect You

The new GDPR regulations cover things that could identify you. This includes—but is not limited to—your name, your contact details, your computer’s location, and your personal data—like race and sexual orientation. From now on, with GDPR regulations in place, organizations will have to prove they have a lawful reason for holding that kind of data. And even more importantly, show that they are keeping it safe.

As for the emails, companies need to prove your consent if they want to keep your information, like your name and email address, on their system. And that is one of the main reasons why everyone’s inbox is bursting at the moment. But some experts do not think companies really need to send all their users emails at all.

You have to take the necessary steps to alleviate these risks, all the more so if you are a high-profile individual. The importance of using unbreakable email protection cannot be stressed enough these days, as it provides unprecedented executive protection from various online privacy threats. The idea is to give out only the necessary information and access to certain individuals who are trained to be discreet and bound by a confidentiality agreement.

For typical email users, on the other hand, if you signed up for something and gave someone permission in the past, it is probably still valid. In some cases, companies that are contacting you might be acting illegally, because if an organization cannot already prove consent, it should not be emailing you to confirm your details or get more up-to-date information.

It is a bit of a mess, indeed. But the good news is you do not have to worry about it too much. Because if you do not reply to the emails, then—in an ideal world—that company should delete your information from their system.

What Are Its Implications for Companies

In fairness, it is not really surprising that businesses are nervous about GDPR, considering the potential penalties for firms are massive (up to 4 percent of a company’s annual turnover). For instance, if a Silicon Valley giant commits a serious breach, they could get slapped with a multibillion-dollar fine. Yes, it is a critical piece of legislation. At the end of the day, however, it is supposed to empower the people who give companies their data. You should clearly see what new policy you get.

If a company has to ask for permission to store your data, then they will have to be much more upfront about it. Basically, no more checkboxes with confusing questions designed to make you give away more information than you want. Or, let us say a database of a site you use is hacked and the information is stolen: the organization that was storing information on you will have to tell you about the hack within three days.

You now have the right to see your own personal data. If you think a dodgy company is holding information on you, you can demand that they hand over everything they have. As well as this right of access, you also have a right to be forgotten.

In a number of cases, you can actually get your data erased, but do not get carried away. That does not mean you can delete yourself entirely from the system. Hospitals, government agencies, and the like are exempt from that rule.

What the Future Holds for Internet Users and Organizations

In hindsight, GDPR is something that could affect the way the whole world thinks about data. Some campaigners say this is a chance for the biggest companies to rebuild trust with their customers after scandals involving the misuse of data.

You might remember when a certain group went undercover to expose a company called Cambridge Analytica. They are accused of using personal data from Facebook users harvested without their consent to try and influence elections. It is data breaches like this that GDPR is supposed to stop.

Facebook, for its part, has already said it is going to apply the EU rules to all of its users around the world. Mark Zuckerberg said the social media giant needed to regain users’ trust after the Cambridge Analytica scandal.

We, as citizens of the world wide web, did not take a broad enough view of our responsibility. And that was a big mistake. Some critics may say GDPR is too vague and contains loopholes that will still let big companies get away with hoarding your data. Others think the new rules will become a burden to business, saying it will cost them money to hire new staff to deal with the rule changes, and those costs might mean higher prices for customers.

In all honesty, nobody really knows what the long-term impact will be. But it is a sign of the times: governments are finally waking up to how much data companies hold about their citizens and what it should be used for. This is just the start of a journey that could change the way you think about your digital information forever.