Introduction
Have you been getting more annoying emails than usual lately, mainly asking you if you want to stay on a mailing list you don’t even remember joining? Yeah, sound familiar? Say hello to GDPR. It is being described as the biggest shake-up of data protection laws in a generation, giving ordinary people unprecedented control over the information companies hold on us. So what is GDPR and what does it mean for you?
What is GDPR?
All those emails from companies desperate to keep you on their mailing lists, that’s not some weird PR strategy. It’s all because of a massive change in EU data protection rules which kick in soon: the General Data Protection Regulation, which is way too long, so let’s just say GDPR instead.
Reasons for the New Laws
So what’s the reason for these new laws? Today, nearly every part of your life can be digitized, tracked, and logged—every picture, every journey, every purchase, even every heartbeat. More and more of your personal information is collected, stored, and traded by companies and governments. The new GDPR regulations cover things that could identify us, so your name, contact details, the location of your computer, and personal data like race and sexual orientation. From now on, organizations will have to prove they have a lawful reason for holding that kind of data and, even more importantly, show that they’re keeping it safe.
Impact on Emails
So what’s with all the emails? Companies need to prove your consent if they want to keep information such as your name and email address on their system. That’s why everyone’s inbox is bursting at the moment. But some experts don’t think companies really need to send all their users emails at all. If you signed up for something and gave someone permission in the past, it’s probably still valid. In some cases, companies who are contacting you might be acting illegally because if a company can’t already prove consent, they shouldn’t be emailing you to confirm your details. We’ll get more up-to-date information; it’s a bit of a mess. But the good news is you don’t have to worry about it too much because if you don’t reply to the emails, then that company should delete your information from their system.
Business Nervousness and Penalties
In fairness, it’s not really surprising that businesses are nervous about GDPR. The potential penalties for firms are massive—up to four percent of a company’s annual turnover. So that would mean if a Silicon Valley giant commits a serious breach, they could get slapped with a multi-billion-pound fine. It’s a serious piece of legislation but it’s supposed to empower the people who give companies their data, namely you.
New Powers for Individuals
So what new powers do you get? If a company has to ask for permission to store your data, then they’ll have to be much more upfront about it. So no more check boxes with confusing questions designed to make you give away more information than you want. Or, let’s say a database of a site you use is hacked and the information is stolen. The organization that was storing information on you will have to tell you about the hack within three days. And you now have the right to see your own personal data. If you think a dodgy company is holding information on you, you can demand that they hand over everything they have. As well as this right of access, there is a right to be forgotten. In a number of cases, you can actually get your data erased. But don’t get carried away; that doesn’t mean you can delete yourself entirely from the system. Hospitals, government agencies, and even journalists are exempt from that rule.
EU Law and Global Impact
So what does an EU law have to do with you? The UK government says it will bring the EU regulation into British law, regardless of how the Brexit deal pans out. But millions of people outside of Europe are going to be affected as well because companies that have operations in European countries all have to sign up to the rules, along with organizations based outside of Europe who store data of EU citizens. So GDPR is something that could affect the way the whole world thinks about data. Some campaigners say this is a chance for the biggest companies to rebuild trust with their customers after scandals involving the misuse of data. You might remember when we went undercover to expose a company called Cambridge Analytica. They’re accused of using personal data from Facebook users, harvested without their consent, to try and influence elections. It’s data breaches like this that GDPR is supposed to stop. Facebook has already said they’re going to apply the EU rules to all of their users around the world. Mark Zuckerberg said the social media giant needed to regain users’ trust after the Cambridge Analytica scandal: “We didn’t take a broad enough view of our responsibility and that was a big mistake and it was my mistake and I’m sorry.”
Criticisms and Future Outlook
But some critics say GDPR is too vague and contains loopholes that will still let big companies get away with hoarding your data. Others think the new rules will become a burden to business, saying it will cost them money to hire new staff to deal with the rule changes and those costs might mean higher prices for customers. In all honesty, nobody really knows what the long-term impact will be, but it’s a sign of the times. Governments are finally waking up to how much data companies hold about their citizens and what it should be used for. This is just the start of a journey that could change the way you think about your digital information forever.