You have, no doubt, already heard about the General Data Protection Regulation (GDPR). I will attempt to explain, as simply as possible, what it is and how it affects all of us Europeans.
In a nutshell, the GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR, basically, gives control to citizens and residents over their personal data.
The European Parliament adopted the GDPR on 14 April 2016 and it became enforceable on 25 May 2018. The GDPR replaces the 1995 Data Protection Directive.
The GDPR is a regulation, not a directive. It does not require national governments to pass any legislation and is directly binding and applicable.
The GDPR extends the scope of EU data protection law to all foreign companies processing the data of EU residents. It also brings with it a strict data protection compliance regime with severe penalties for non-European companies.
The GDPR also brings a new set of digital rights for EU citizens.
Who It Applies To
The regulation applies if the data collector, or processor, or person is based in the EU. Sometimes, the regulation also applies to organisations based outside the EU, if they collect or process personal data of individuals located inside the EU.
Definition Of Personal Data
According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social media, medical information or a computer’s IP address”.
Right Of Access
You now have the right to access your personal data and information about the processing of this data. A data collector must provide, on request, an overview of the data which is being processed, as well as a copy of the actual data. Furthermore, the data collector has to inform the person on why the data is being processed, with whom the data is shared, and how it acquired the data.
Hopefully, you may now realise why various companies have bombarded you with requests to review their data protection policies. It’s all to do with the new GDPR which came into force at the end of May. Let’s hope that our personal data will become more secure as a result!