General Data Protection Regulation (GDPR) ensures everyone’s personal information is kept private. It controls how companies across the world use your data, and more importantly how you’re made aware of this.
GDPR is the strongest privacy law within the world. It was drafted and processed by the European Union (EU). Yet, these rules apply worldwide. Put in place to ensure businesses and organisations collecting user data were not hiding this. This method was put in place on the 25th May 2018, however, privacy protection has dated back decades.
No company or organisation can store user data without informing them. If found to have broken these terms, they could receive penalities of up to tens of millions of euros. This rule applies worldwide. Despite the act being passed within the EU, all countries who collect data from users within Europe must adhere to these rules.
With so much at risk, the world of GDPR can be extremely frightening, especially for smaller companies. The right to privacy is part of the 1950 European Convention on Human Rights act. It states “Everyone has the right to respect for his private and family life, his home and his correspondence”.
This worked well at the time, however as the years progressed, technology grew. With the growth of the modern world, there needed to be something more to protect users online. Therefore, in 1995 the European Data Protective Directive was passed. This ensured companies were reaching minimum data privacy and security standards.
In 2011 a woman sued Google for looking through her emails without permission. Presumably to collect data from her. Following this, Europe’s data protection authority decided they needed to carry out some work on the previous 1995 directive, and this is where GPDR came in. It was passed in parliament in 2016 but put into action for all businesses as of 2018.
Rules on collecting user data
All information collected must be:
- Used fairly, lawfully and transparently
- For specified, explicit purposes
- Used in a way that is adequate, relevant and limited to only what is necessary
- Accurate and, where necessary, kept up to date
- Kept for no longer than is necessary
- Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
Sensitive information has the most protection. This is anything falling into the following:
- Ethnic background
- Political opinions
- Religious beliefs
- Trade union membership
- Biometrics (where used for identification)
- Sex life or orientation
All information above was sourced from the UK Government website.
Within the Data Protection Act 2018, any user has the right to find out the information companies have on you. This applies to the government and any other organisation. You have the rights to:
- Be informed about how your data is being used
- Access personal data
- Have incorrect data updated
- Have data erased
- Stop or restrict the processing of your data
- Data portability (allowing you to get and reuse your data for different services)
- Object to how your data is processed in certain circumstances
GDPR is an important part of our lives. Especially with the whole world being online, and so many companies and uses crossing paths. It is a powerful tool so users can rest assured their data is safe when they are browsing online. However, this doesn’t mean there aren’t mistakes, and often these have huge consequences.