Countless individuals have experienced the unauthorised use and breach of their personal data after sharing it with online businesses. The General Data Protection Regulation (GDPR) is an ambitious regulatory initiative aimed at preventing such incidents from continuing.
Trust in online companies is significantly lower than in governments, with a European Commission survey revealing that 92% of EU citizens worry about mobile apps collecting data without their consent. The majority also believe that companies are secretly misusing their data.
Indeed, companies have been profiting and gaining influence by amassing user data, with the Facebook-Cambridge Analytica scandal being just one of many similar incidents. Large corporations such as Uber, Google, and Apple have consistently breached the privacy of millions, and even those that have been transparent about data usage have failed to protect it effectively. Cyberattacks are increasing yearly, with small- and medium-sized enterprises being particularly vulnerable due to weaker defenses.
The GDPR serves as the enforcer in this digital Wild West, aiming to reintroduce the basic safety and privacy guarantees of the physical world to the digital realm. Organizations failing to protect EU residents’ personal data face fines of up to €20 million or 4% of global revenue, whichever is higher. The regulation also grants tech users specific rights, including control over and access to their data, and the right to request data deletion. Organizations are now required to use security tools like encryption to minimize user damage in case of data breaches.
The GDPR represents a shift in thinking about personal data, asserting that it belongs to individuals rather than companies. Although not perfect, the law empowers millions of internet users in the EU with greater control over their data. Here are some ways it accomplishes this:
- Rebuilding trust in the internet: The GDPR establishes a new foundational contract between companies and consumers, fostering trust in online services.
- Encouraging end-to-end encryption: The GDPR promotes the use of end-to-end and zero-access encryption technologies, ensuring that only the data owner can access their information.
- Clarifying consent: The GDPR emphasises that consent must be explicit, prohibiting marketing emails or data collection without permission. Consent cannot be given by those under 13 without parental permission.
- Sensible policies: GDPR requires organizations to provide clear, specific explanations of how they handle personal data in their privacy notices.
- Online rights: GDPR grants EU citizens and residents eight guarantees and holds organizations accountable for facilitating them.
- Accountability: GDPR imposes fines of up to €20 million for data protection violations and grants individuals the right to compensation for material and non-material damages resulting from breaches.
The GDPR’s enforcement remains to be seen, but its introduction marked a turning point in internet history. From May 25, 2018, security and privacy have become more prominent priorities for companies.
To find out more about our data protection and DPO services, email: email@example.com