GDPR or General Data Protection Regulation is one of the most significant changes made in 20 years in data privacy regulation. Applicable from May 2018, the GDPR is a set of data protection rules. It is a replacement to the former Data Protection Act 1998. It includes all the companies operating in the European Union, no matter where they are based.
The latest data protection regulation imposes tougher restrictions on the collection of personal data, its utilization, and storage. It gives individuals greater say over what companies are allowed to do with their data. This strict rule on data protection results in 2 important points. Firstly, people will have more control over their personal data. And secondly, businesses could benefit from a level playing field.
The GDPR 2018 is all about making significant changes. It scrutinizes the old rules and regulations and changes them keeping in accordance the latest ongoing around the world. Data leaks, data mismanagement, hacking of personal data from company databases are some of the growing concerns around the world. And considering all these, the GDPR brings about some of the much needed important changes.
1. Simple Language:
Business language is often seen as more complicated than the language we use in day to day life. Similarly, the privacy policies of businesses are also explained in the lengthy and complicated way. There is very little clarity.
However, with the coming of GDPR, all the businesses have to write and explain their privacy policies in a clear straightforward language.
2. User Content:
Sometimes businesses assume user’s silence to data processing as consent. Without any direct declaration, businesses tend to hide a request for consent in long, legalistic terms and conditions which apparently no one reads.
But from now, according to GDPR an affirmative consent from the user is necessary. Only after this, businesses can use an individual’s data. Silence, therefore, does not consent anymore.
Data Protection Regulation clearly states that businesses need to clearly inform the user about any transfer of individual data outside the European Union. Collection and processing of data are permissible only for a well-defined purpose. User-oriented GDPR focuses on the fact that the user is informed about anything that the business intends to do with their personal data. Unlike the earlier times when business used algorithms to make decisions about the user, now GDPR compliance is necessary. Businesses have to inform the user about the automated decision. Further, they also need to provide the individual a choice to contest it.
GDPR data protection ensures that businesses inform their users without any delay in the harmful data breach if any. The users further have the right to access and get a copy of the individual data that the businesses have.
Earlier users could not take their data from a business and move it to another competing service.
GDPR now enables the users to move their data, for example to another social media platform. While earlier it was difficult for a user to delete their personal data, now the right to erase solves this. With the “right to be forgotten” users can delete, remove all their data with clear safeguards.
When the GDPR is put to action, the European Data Protection Board along with 28 data protection authorities will have the power to provide guidance and interpretation. Therefore authorities can impose fines to businesses up to 20 million EURO or 4% of a company’s worldwide turnover in case a business violates the rules.
Therefore, GDPR overview is that it helps to clear out complicated processes and rules and regulations. To all the users, a greater clarity, more rights are ensured. And businesses need to be careful about the handling of user privacy and personal data with utmost sincerity. Aiming for a safe and secure and also a well-maintained business-consumer relationship, GDPR is a huge change which is sure to benefit everyone concerned.