The GDPR was created to give control to EU citizens and residents over their personal data, and to simplify the regulatory environment for international business by unifying the regulation within the EU. Let’s dig a little deeper into this new EU law, why it was needed, and what exactly it means for your organization.
Why is GDPR important?
The news recently has been saturated with stories of companies providing their best “mea culpa” after it was learned their users’ data was used without their permission. Facebook’s CEO Mark Zuckerberg has appeared before Congress [1] and the European Parliament [2] in response to the news that the world’s largest social media outlet was aware of sharing its users’ data with Cambridge Analytica in 2015 [3], and that 87 million people might have been affected. Cambridge Analytica, a now-closed political data company, used that data to build voter profiles [4] before the 2016 U.S. presidential election.
The Facebook fiasco was just one of many such incidents where users’ data was used without their knowledge or consent. Google [5], Twitter [6], and other organizations have all either provided user data to other organizations without permission, or suffered massive data breaches. Because of the growing number of privacy concerns for users, the EU decided in 2016 that it was time to replace its outdated Data Protection Directive [7] with GDPR, giving organizations two years to get everything in place.
What Does GDPR Do?
GDPR [8] was put in place to protect the personal data of users living in an EU country. Once the law hits the books, companies around the world have to follow the regulation whenever they handle the data of people living within the EU. Failure to comply can result in hefty fines. The new regulation grants those users a set of six rights:
- Right of access: You can ask an organization what personal data is being processed (used), why, and where.
- Right to rectification: If you want to correct, revise, or remove any of the data an organization retains on you, you may do so at any time.
- Right to be forgotten: At any time, you can ask to have all of your personal information permanently removed from an organization’s system.
- Right to restrict processing: If you believe your personal data is inaccurate or collected unlawfully, you may request limited use of your personal data.
- Right of portability: Organizations must provide you with the ability to move any of your account data to a third party at any time.
- Right to object: If you decide that you no longer wish to allow your data to be included in an organization’s analytics or for organizations to provide personalized (targeted) marketing content, you can contact the organization to request removal of your data.
The new law gives users greater authority over how their information is used by organizations, as well as a more transparent view of how that information is gathered.
What Does The GDPR Mean for Your Organization?
That being said, it’s no laughing matter for companies. It doesn’t matter if your organization is based in France or the United States; if your company has users from within the EU, and by extension their data, the new law applies to you as well.
This means organizations can no longer rely on “implied consent” when it comes to contacting users or giving their data to a third party. Users living within the EU must be told that their data is being collected and the purpose of its use. They must also be given the option to opt out of any unsolicited correspondence.
Any data we collect is protected and, rest assured, we don’t try to hide anything from you. If you have any questions or concerns about your data, or how it pertains to GDPR compliance, feel free to contact us by emailing email@example.com or fill out our contact form. We’ll be more than happy to talk with you to assuage any concerns you might have.