Issues surrounding data privacy and protection seem to be getting quite a bit of press and attention, especially over the last few years. Most recently, Equifax announced that the personal information of over 140 million of their users had been breached. Other incidents like this, as well as soft privacy laws, have made the privacy and protection of personal data a very hot topic on many people’s minds.
Your personal data is vitally important because it is used for so many things in the normal course of life including credit profiles, major and minor purchases, health records, and insurance just to name a few. It’s actually quite mind boggling to think about how many different companies and entities have various pieces of your personal data such as bank account information, credit card numbers, and social security numbers not to mention the usual name, address, phone number, and email address. If your personal information is breached and gets into the wrong hands, it can wreak havoc on your life and the process of recovering from this can be painfully long and costly.
Consumers want more privacy, protection, access and control of their own personal data, and the European Parliament and Council have responded with one of the most stringent and powerful personal data regulations, the GDPR (General Data Protection Regulation). It gives citizens of the European Union much of what they’re looking for and holds companies much more accountable for managing consumer personal data.
This new regulation is set to go into effect on May 25th, 2018.
How will GDPR affect you?
Business entities that handle your personal data will have a host of compliance requirements that they will have to adhere to, but let’s take a look at how GDPR will affect you as a consumer. At a high level, GDPR is meant to empower EU citizens’ right to data privacy, data access, and data control. Here are 5 empowering ways GDPR will affect consumers:
(1) Right to Access
Have you ever wondered what companies are doing with your personal data? With GDPR, you have the right to get detailed information about where your data is being processed and for what specific purpose your personal information may be used.
(2) Right to be Forgotten
This right gives you, as a consumer, much more control over who has your personal data and for how long. Under GDPR, company controllers must erase your personal data “without undue delay” if your data is no longer needed or if you simply object to them having your information. This is especially powerful in instances where a company makes your personal data public, particularly online. Of course, there are exceptions to this regulation: data cannot be deleted if it’s needed for compliance reasons or if there are any legal implications that would be affected by the deletion of the data.
(3) Data Portability
Data portability provides you with more control over your data and it increases your choice of online services. As a consumer, you have the right to request and receive any of your personal data in a commonly used and “machine-readable” format. If it’s feasible, a company may even be required to transmit your data directly to a competitor.
(4) Breach Notification
Breaches occur almost every day, and the most important thing for you is to know if your data has been affected so you can take appropriate actions. Under GDPR, if a breach has occurred, the controller has 72 hours to inform you of the breach. Companies will have to have a documented notification plan in place that ensures you are notified within 72 hours of a breach instead of being notified weeks or even months later.
GDPR has increased the number of disclosures a company must make before they’re even allowed to collect any personal data from you. Included in these disclosures are the identity of the controller, the purpose of collecting and using your data, and identifying any and all recipients of your data. Not only that, but these disclosures may not be riddled with page after page of legalese that most people don’t understand. They must be intelligible with clear plain language that is tailored to the appropriate audience. This goes a long way in giving you more control over your personal data because it ensures that you have all the facts before you give explicit consent to have your personal information collected.
From a consumer perspective, these five tenets of GDPR will give consumers much more privacy, protection, access and control of their own personal data. It’s also important to note that there is plenty of motivation for companies to comply with all the requirements of GDPR because the penalty for non-compliance can be as high as 4% of a company’s global revenue, and that is enough to sufficiently motivate any company.