Approved on 14 April 2016 after 4 years of preparation, the European General Data Protection Regulation (GDPR) comes into effect today.
Brno, May 25 (BD) – For many people, this has probably meant that your inbox has been flooded with companies updating you on their privacy policies or requesting that you give them permission to keep your data. Whilst this may have been rather irritating the Regulation is designed to benefit consumers, employees and companies (even if the companies currently don’t think so).
The development of GDPR started long before the current scandals involving Cambridge Analytical and Facebook but incidences such as these, which are not isolated, help to highlight the need for greater data protection.
The Key Points
There will be many implications arising from the regulations and it may take some time for all of them to become apparent so, in the meantime, here are some of the most important points for the public and companies in layman’s language.
Simpler, direct terms. No longer can a company send you a long list of terms and conditions with a note in the fine print that they can use your data for specific marketing purposes designed to benefit you (or something like that). Companies must explicitly state which data they will use and how in straightforward terms. So, hopefully, no more blithely clicking on a long, complicated agreement which you haven’t actually read.
Easy data access. All individuals have the right to request access to the information which a company holds about them and how it uses it. The company must provide the information free of charge and in an easily accessible format or risk a heavy fine.
The right to be forgotten (Erasure). This could be slightly more complicated under certain circumstances, but it should basically mean that a company must delete your data and not disseminate it if you request them to.
The law applies to the whole of the EU. Harmonisation was one of the key aims and all firms must meet the same standards in protecting data. This also applies to non-EU countries who have dealings with EU citizens.
It has teeth. Unlike the previous Directive, GDPR carries real weight. Companies found in breach of the Regulations can be fined up to €20million or 4% of their annual turnover for the most serious offences.
Paperwork. Many managers, CEO’s or company owners I have spoken to in the last few months have expressed frustration about the amount of paperwork and the length of time it takes to comply with the regulations. Nevertheless, there seems to be a general feeling that, in the long-term, it will become easier.
Confusion and panic
That slew of e-mails mentioned previously is partly due to companies being unprepared or not understanding what GDPR entails. With 99 articles it is a weighty read. Add in the hefty penalties and conflicting advice from experts and lawyers and it’s not surprising that many companies are panicking.
In April, The Economist (https://www.economist.com/business/2018/04/05/europes-tough-new-data-protection-law) reported that almost 60 % of companies will not be compliant with GDPR today.
The internet is currently full of GDPR articles so, if you are unsure what it means for you then find a source which you trust and get reading quickly. A good starting point is https://www.eugdpr.org/
The future
Various sources and newspapers have suggested that, while the Regulations are strict, there will be some leeway in the beginning and that there will be many test cases before it is understood how the rules will affect companies and individuals.
Disclaimer: This article is not intended to give legal advice. Please seek advice from a lawyer if you are unsure about your situation.
Get the news first! Subscribe to our daily newsletter here. Top stories of the day in your mailbox every morning.
