The GDPR was created to give control to EU citizens and residents over their personal data, and to simplify the regulatory environment for international business by unifying the regulation within the EU. Let's dig a little deeper into this new EU law, why it was needed, and what exactly it means for your organization.
Why is GDPR important?
The news recently has been saturated with stories of companies providing their best "mea culpa" after it was learned their users' data was used without their permission. Facebook's CEO Mark Zuckerberg has appeared before Congress and the European Parliament in response to the news that the world's largest social media outlet was aware of sharing its users' data with Cambridge Analytica in 2015, and that 87 million people might have been affected. Cambridge Analytica, a now-closed political data company, used that data to build voter profiles before the 2016 U.S. presidential election.
The Facebook fiasco was just one of many such incidents where users' data was used without their knowledge or consent. Google, Twitter, and other organizations have all either provided user data to other organizations without permission, or had massive data breaches. Due to the increasing amount of privacy concerns for users, the EU in 2016 decided it was time to replace its outdated Data Protection Directive with GDPR, giving organizations two years to get everything in place.
What Does GDPR Do?
GDPR was put in place to protect the personal data of users living in an EU country. Once the law hits the books, companies around the world have to follow the regulations when it comes to residents or those living within the EU. Failure to comply can result in lofty fines. The new regulation grants those users a set of six rights:
- Right of access: You can ask an organization what personal data is being processed (used), why, and where.
- Right to rectification: If you want to correct, revise, or remove any of the data an organization retains on you, you may do so at any time.
- Right to be forgotten: At any time, you can ask to have all of your personal information permanently removed from an organization's system.
- Right to restrict processing: If you believe your personal data is inaccurate or collected unlawfully, you may request limited use of your personal data.
- Right of portability: Organizations must provide you with the ability to move any of your account data to a third party at any time.
- Right to object: If you decide that you no longer wish to allow your data to be included in an organization's analytics or for organizations to provide personalized (targeted) marketing content, you can contact the organization to request removal of your data.
The new law gives users greater authority over how their information is used by organizations, as well as a more transparent view of how that information is gathered.
What Does The GDPR Mean
for Your Organization?
That being said, it's no laughing matter for companies. It doesn't matter if your organization is based in France or the United States; if your company has users - and, by extension, their data - from within the EU, the new law applies to you as well.
This means organizations can no longer use "applied consent" when it comes to contacting users or giving their data to a third party. Users living within the EU must be told their data is being collected and the purpose of its use. They must also be given the option to opt out of any unsolicited correspondence.
Any data we collect is protected and, rest assured, we don't try to hide anything from you. If you have any questions or concerns about your data, or how it pertains to GDPR compliance, feel free to contact us by emailing email@example.com or fill out our contact form. We'll be more than happy to talk with you to assuage any concerns you might have.