Understanding EU’s General Data Protection Regulation (GDPR)? If you are a website owner or a member of many online clubs and websites, you may notice that all of them revised their Private Policy contents. Even all plugins and apps revised their Private Policies. Why would they do that?

Understanding EU’s General Data Protection Regulation (GDPR) :

According to the EU website, the main purpose of the  General Data Protection Regulation, which took effect in May 2018 and affects all companies operating in the EU, wherever they are based are the following:

1. The GDPR seeks to give people the control over their personal data.

Many websites and social media platforms collect our information and we do not know what happens to them next. In fact, if you download your data from Facebook, you will notice that even deleted messages and posts are still included in the data you download. Your data are stored in their system indefinitely and you no longer have control over them and are “really” owned by the website you gave it too. There are also many websites who sell your data to advertisers and companies who would spam your.

2. Businesses benefit from a level playing field.

All business must adopt the EU website and all of them must disclose who they share your data with. That way, all businesses will no longer have a hidden business selling your data.

WHY AM I COVERED BY GDPR WHEN I AM NOT FROM EU?

You may not be a resident of European Union or you may not have a business there. However, all websites and social media platforms who wish to operate in EU are affected. To ensure that these businesses can reach the EU member countries, they must comply with the EU laws and regulation. Hence, the whole internet is changed by the EU.

Understanding EU’s General Data Protection Regulation (GDPR) : What CHANGED?

According to EU’s website the following are the 10 changes that GDPR introduced to the world:

1. Privacy policies will have to be written in a clear and straightforward language.

Have you ever read the Privacy Policies in the websites, games, and social media that you registered with? If not, you are not alone. Almost everyone skip through the policies because they are so long and complicated. The businesses often confuse people so that they could do whatever they want with your data. hence, the GDPR directs all businesses to simplify their private policies.

2. The user will need to give an affirmative consent before his/her data can be used by a business. Silence is no consent.

Prior to this change and in case you do not know, your silence means yes. If you ignored their private policies, it means you are allowing them to do whatever they want with the data you gave them. The companies could share it with anyone and you impliedly consented to it by not saying anything against it. But how can you tell them not to do it when these facts are hidden to you through complicated words that non-legalists could not understand.

In the GDPR, the companies will tell you clearly and exactly what they will do to your data. You have to agree/confirm with their private policy before they could process your data and use it with whatever they want. In fact prior to the GDPR, it is enough that websites include a page about private policy and it means you agree to them. Now, you have to “confirm” or “agree” to them.

3. Companies must tell you the well defined purpose  why they are collecting your data and must only use your data for that purpose. In case the company will use your data for another use, they must acquire another consent from you. 

4. Businesses will have to inform the user whether the decision is automated and give him/her a possibility to contest it. This is for businesses that collects algorithm in coming up with decisions for their customers.

5. Businesses will have to inform users without delay in case of harmful data breach. Do you remember the icloud data leak where celebrities’ nude photos were circulated? If the GDPR was present that time, the icloud must have informed the users that there was a breach long before the photos circulated the web.

6. The user will be able to move his/her data to another social media platform, even if it is a competing business.

7. The user will have the right to access and get a copy of his/her data, a business has on him/her

8. Users will have a clearly defined “right to be forgotten” (right to erasure), with clear safeguards.

9. The European Data Protection Board grouping all 28 data protection authorities, will have the powers to provide guidance and interpretation and adopt binding decisions in case several EU countries are concerned by the same case.

10. The 28 data protection authorities will have harmonised powers and will be able to impose fines to businesses up to 20 million EUR or 4% of a company’s worldwide turnover.

Have you heard of a shark with no teeth? EU may impose fines to those businesses who violates the GDPR law to make sure that they comply. Without punishment, the GDPR will become like a shark with no teeth. Meaning, it is a useless piece of legislation if there is no punishment for those that breach them.

Bottomline in Understanding EU’s General Data Protection Regulation (GDPR) :

It is a good law because it empowers everyone to have access to their data. Now, people are becoming aware that what they share online will become a public domain. Through GDPR, slowly the users can retain the privacy of these data.