New data laws come into force in Europe on May 25, but how will the General Data Protection Regulation (GDPR) affect businesses and the general public?
– What is GDPR?
The General Data Protection Regulation is a new, EU-wide law that gives greater power to regulators to penalise companies that mishandle personal data or are not transparent about how their business uses it.
For consumers, it brings new powers: firms must obtain clear consent from users before processing their data, and users gain the right to easily access the data collected from them, along with transparency on how it is being used.
European Commission 🇪🇺 (@EU_Commission), May 20, 2018: "Our new EU #DataProtection rules will enter into application on Friday! With a sharp eye, Belgian cartoonist Pierre Kroll illustrated the many challenges of protecting personal data online. Know your rights: https://t.co/E8MqO8FFl7 #GDPR"
– What are the key aspects of the regulations?
As well as those already mentioned, one key element is the increased jurisdiction GDPR gives regulators.
Under the new rules, any company that controls or processes the data of EU citizens must adhere to the GDPR guidelines, ending the territory-based accountability that some firms not based in the EU previously used to avoid sanction.
The law also states that notification of a data breach must occur within 72 hours of being first discovered, increasing transparency around such incidents.
The size of the fines that can be issued will also increase under GDPR. Regulators will be able to issue penalties of up to 4% of annual global turnover or 20 million euro (£17.5 million) – whichever is greater.
For tech giants such as Google and Facebook, this could mean the risk of fines running into the hundreds of millions.
– Will it make a difference to business?
It already appears to be. With the threat of large fines hanging over them, many large technology and internet companies have begun the process of making their data practices more transparent.
Both Facebook and Twitter have been rolling out updates to their privacy policies, adding clearer language and descriptions of data use, and offering users more tools to share or remove their personal data from the platform, as is required by GDPR.
The recent Cambridge Analytica scandal has also increased public scrutiny of data use, with Facebook acknowledging it has received more questions from users recently on how it gathers and shares personal data.
European Commission 🇪🇺 (@EU_Commission), April 11, 2018:
"The Facebook scandal has three aspects:
• #DataProtection: we are equipped to remedy the situation with #GDPR
• Fraud: national authorities have to address it with criminal justice
• Electoral freedom: we need to know more about what happened" says Commissioner @VeraJourova
– Am I likely to be affected?
Yes. Whether you own a business, run a charity, or have signed up to newsletters via social media or online shopping websites, the GDPR is likely to impact us all.
The Act will give individuals easier access to the information that organisations hold about them – free of charge.
Currently, there’s a £10 fee for a Subject Access Request (SAR), which businesses and public bodies can charge in order to release any personal information. However, under the GDPR this will be scrapped: requests for personal information can be made free of charge, and the information must be released within one month.
– What happens if I ignore it?
Everyday users have to do very little to comply with GDPR – it’s more targeted at big online businesses.
Many people will have already noticed emails from organisations asking whether they still want to be on the receiving end of their mailing list and other information. However, these are not necessary in every case, and if you have an existing relationship with a firm from which you have purchased products or services, you do not need to give fresh consent.