What You Should Know About the GDPR?
If you live in Europe, you've probably received various notifications from services like Google, Facebook, Twitter and the like, talking about the changes they're implementing to comply with the new General Data Protection Regulation (GDPR) that is coming into force in late May.
If you're wondering if it's such a big deal, let me tell you, it is. This is probably the most significant change that data protection laws have ever encountered. Every company that handles information of EU citizens must comply by May 25th.
What is the GDPR?
According to the EU GDPR Information Portal:
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
In practice, it gives more power to consumers to know and make decisions on how they want companies to handle their private information. The GDPR gives a huge focus to transparency and consent.
What is changing?
The GDPR introduces various changes to the way data is handled and to the types of communication about their data that citizens are entitled to.
Some of the changes included are:
If a data breach affects stored data belonging to EU citizens, it will be mandatory to send a Breach Notification within 72 hours of becoming aware of the breach.
Right to Access
This principle states that all data subjects have the right to know which data belonging to them is being processed and for what purpose. It also allows any citizen to ask for and receive a copy of the stored personal data in electronic format.
Right to be Forgotten
There has been a lot of talk about the Right to be Forgotten, which allows members of the EU to ask for their content to be removed from searches. The scope includes data that is not relevant to the original purposes for processing, and cases where a data subject withdraws consent.
The GDPR introduces data portability, which gives citizens the right to get the personal data concerning them.
Privacy by Design
The GDPR now requires by law that all services follow the Privacy by Design principle. Privacy by Design means that privacy should be at the core of all services from the moment of design, not something expected to be added afterward.
Should you worry about the change?
Of course. It is time to get informed and read about how the changes affect you and the sector you belong to. A lot of things are changing with respect to managing the information of EU citizens, and you should be concerned about compliance and know how things are changing.
To help you get started, here are some resources full of information: