How the world is going to be different after GDPR
What is GDPR?
Coming in on 25th May 2018, the General Data Protection Regulation is an EU law that gives you more rights concerning how personal data is collected, used and stored. It also provides new rules for companies, ensuring that organisations handle personal data correctly.
But what is personal data exactly anyway?
Personal data is any information that relates to a living person, which can be utilised to distinguish that person. Things like your name, home address, email address, and IP address are all classed as personal data.
Under GDPR there is a second level of data: sensitive personal data. This includes things such as sexual orientation, religion, political views or health data. Businesses cannot hold this data on customers unless they opt in to share it. Not even with a sneaky pre-ticked box.
Don’t worry, at 1tap we don’t hold any sensitive personal data on our customers.
So great, but what does that mean?
With GDPR you’ll have more control and more power over your data. New rights include:
Right to be informed – Transparency is an important aspect of the GDPR. Therefore, you have the right to know how companies collect and use your personal data.
Right to erasure – Under GDPR, consumers have a right to have their personal data erased. So you can request a company to delete any data they hold on you. There are exceptions to this right, and before a company deletes all your data, they have to confirm that the request is coming from you and that there is no legal reason they should hold on to that data.
Right to data portability – With the right to data portability, you’ll have the right to obtain your data and send it across other platforms. It’s your data after all, so it’s only fair. Essentially this means that you can request a company to send all the data they hold on you elsewhere.
And for companies?
Under the GDPR, companies will be obligated to report personal data breaches to the relevant authority. Companies will have to report breaches within 72 hours of discovering the breach. Additionally, if it looks like the breach could affect individuals' rights and freedoms, the company has a duty to contact those affected and make sure they are aware of the breach. The penalties for failing to comply with the GDPR are severe. A company found to be in serious breach can end up with a fine of up to 20 million euros, or 4% of turnover, whichever is higher.
Companies also have to appoint a Data Protection Officer who will be responsible for ensuring that companies are using, processing and storing data correctly, as well as organising staff training, internal auditing, and cooperating with supervisory authorities for the company.
So what’s 1tap doing for GDPR?