The General Data Protection Regulation (GDPR) is a set of rules used to protect personal data.
👉 The regulation came into force in May 2018 and sets out guidelines for the collection and processing of personal information about individuals living in the EU. It has seven key principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
You can find out more about these principles and what they mean here.
At first glance, the principles make sense, and it’s no surprise that the GDPR gives Europeans some of the strongest privacy protection available. The ICO’s guidance on the principles puts it this way:
“The principles lie at the heart of the GDPR. They are set out right at the start of the legislation, and inform everything that follows. They don’t give hard and fast rules, but rather embody the spirit of the general data protection regime – and as such there are very limited exceptions.”
The change set off a flurry of emails from organisations who had to update their policies to reflect the new laws, while others have responded with a small disclaimer at the bottom of their websites asking you to consent to giving them data.
In the UK it’s enforced by the Information Commissioner’s Office (ICO), which has already dished out significant fines to companies like British Airways and the Marriott hotel chain following data breaches. It can impose fines of up to €20 million, or 4% of total worldwide annual turnover. That’s enough to make most companies take notice of the law, which is the point.
Every EU-based company is affected, and the same is true if you have customers or clients based in the EU. It’s an aggressive move on the part of legislators, but something had to be done in the name of safeguarding consumer data rights.
After all, who owns your data? It’s tricky, and a number of organisations have based their business model on monetising our personal information. It’s heartening to see the balance shifted towards fairness, and most organisations have complied relatively painlessly. Though they will have to spend money to remain compliant, this should be viewed as an investment rather than an expense. GDPR should foster trust between organisations and their customers, especially in a time where privacy and security are so important. 👀
GDPR helps create more transparency in terms of data collection, storage, and usage, which is desirable from a user perspective. This proactive approach was probably necessary considering the commodification of user data over the last decade.
From a user perspective, there’s not much you have to do to stay protected. As long as you keep an eye on who and what you give consent to, your personal data should be relatively safe.