Q&A: What is GDPR and what does it mean for data privacy?
The new EU laws come into force on May 25.
New data privacy regulations come into force in the EU on May 25, giving users greater say on personal information they share and harsher punishments to firms who misuse it.
The General Data Protection Regulation (GDPR) has been designed to protect user privacy in what the EU says is now a “data-driven world”, but what does it mean for consumers?
– What is GDPR?
The General Data Protection Regulation is a new, EU-wide law that gives greater power to regulators to penalise companies who mishandle personal data or are not transparent about how their business uses it.
For consumers, it brings new powers that require firms to get clear consent from users before processing their data, as well as grants users a right to easily access the data collected from them and transparency on how it is being used.
– What are the key aspects of the regulations?
As well as those already mentioned, one key element is the increased jurisdiction GDPR gives regulators.
Under the new rules, any company that controls or processes the data of EU citizens must adhere to the GDPR guidelines, ending territorial-based accountability used by some firms not based in the EU to previously avoid sanction.
The law also states that notification of a data breach must occur within 72 hours of being first discovered, increasing transparency around such incidents.
The weight of fines able to be issued will also increase under GDPR. Regulators will be able to issue penalties equivalent of up to 4% of annual global turnover or 20 million euro – whichever is greater.
For tech giants such as Google and Facebook, this could mean the risk of fines running into the hundreds of millions.
– Will it make a difference?
It already appears to be. Many large technology and internet companies have begun the process of making their data practices more transparent with the threat of large fines hanging.
Both Facebook and Twitter have been rolling out updates to their privacy policies, adding clearer language and description of data use, and offering more tools to users to share or remove their personal data from that platform, as it required by GDPR.
The recent Cambridge Analytica scandal has also increased public scrutiny on data use, with Facebook acknowledging it has received more questions from users recently on how it gathers and shares personal data.
– Should people care about the changes?
It’s important to review these changes to keep using various internet services, but it is also an opportunity for users to tidy up their online data sharing.
As part of the new laws, firms must give users greater access to controls around what data they share and what they want to keep private.
Facebook for example is rolling out a tool that enables users to opt-in to facial recognition being used to scan their photos, but also the chance to switch it off.