What is GDPR?
The GDPR (General Data Protection Regulation) is a new data protection regulation that replaces the European Union’s 23-year-old previous law governing the protection of personal data. It gives people in the EU greater control over their personal data and how companies may use it, and it applies to anyone whose data is processed in the EU, not only to EU citizens. It also clarifies the obligations of online services such as Google and Facebook towards their European users.
This is it.
Today, our EU #DataProtection rules enter into application, putting the Europeans back in control of their data.
Europe asserts its digital sovereignty and gets ready for the digital age.
Read our statement → https://t.co/P19IRPWfqv #GDPR pic.twitter.com/hwCKSj2TjE
— European Commission 🇪🇺 (@EU_Commission) May 24, 2018
Users have the right to object to specific ways companies use their personal data. If you are in the EU, you can ask a company to delete your data, send you a copy of it, or correct an error in it, and the company must comply with your request unless one of the regulation’s narrow exceptions applies. The UK is still an EU member state and is set to leave in 2019, so the regulation applies there as well; the UK’s own Data Protection Act 2018, which came into force alongside the GDPR, carries almost all of its provisions with a few minor tweaks and is designed to keep them in UK law after the country leaves the EU.
GDPR requirements for companies
The GDPR imposes a long list of obligations on companies. To begin with, companies must notify their data protection regulator of a personal data breach within 72 hours of becoming aware of it, and must inform affected users without undue delay when the breach is likely to put them at high risk. That would be a positive step for the Internet. Last year, when a massive data breach at Equifax exposed the personal information of about 143 million Americans, the company spent several weeks preparing to deal with the aftermath before making it public.
Other GDPR requirements include the data subject access request. People in the EU can submit a subject access request, and the company must let them review their data within one month (extendable by up to two further months for complex or numerous requests). Many companies will have to revamp their internal infrastructure to locate all the data they hold on a person and handle such requests in time. If a company fails to respond within the deadline, the user can file a complaint with their local regulator.
Carelessly handling or misusing personal data will attract significant GDPR fines. Depending on the severity of the case, fines can reach 20 million euros or 4% of a company’s global turnover in the previous financial year, whichever is higher. For instance, if Facebook failed to comply in a serious case, it could be fined up to $1.6 billion, which is 4% of its previous year’s revenue of $40 billion. Less serious transgressions fall under a lower tier capped at 10 million euros or 2% of global turnover.
At this point, the regulation remains ambiguous and complex. So, the regulators might give companies some breathing room initially. Many US news outlets including the LA Times and The Chicago Tribune have made their websites temporarily unavailable in European countries as they are not prepared to comply with GDPR requirements.
The European privacy advocacy group Noyb (None of Your Business) filed complaints against Facebook and Google on the very first day the GDPR went into effect. The complaints relate to Android, Facebook, WhatsApp, and Instagram. Noyb accuses the companies of forcing users to agree to their new terms and conditions, which it argues is not the freely given consent the GDPR requires. Noyb told The Guardian that Facebook has blocked the accounts of people who have not given consent.