The change to GDPR law is up there with the Twin Towers and Diana: “Where were you when the GDPR laws were put into place?” Such was the chaos of the day as people who had no business understanding anything of IT, compliance, or data privacy, grappled with what this new acronym meant and how to enact it. The 23rd of May 2018 was the day that changed website compliance forever. Five years on, almost to the day, has anything changed? Is the same law enacted? What is the purpose of it? And is there any other way we take control of our data? We’re exploring what has changed since the GDPR laws were put into effect and what needs done to keep in line with them.
What is GDPR?
The General Data Protection Regulation laws were put into place by the European Union and therefore say that any website taking data from EU citizens should first ask for permission to use the data. This is why users in Europe will have a pop-up whenever they enter any website that asks them to “accept” what the website’s company intends to do with your data, often with an option to read more into it or to deny these terms.
This detail is the most obvious of the laws, which covers lots of regulations on data protection and privacy and outlines the rights of the user and the control of their data. This is just one of many ways that users can control their presence on the internet. Services like Incogni deal with data brokers to help manage your digital footprint.
When was the last update on GDPR?
The answer here is two-fold. Although there haven’t been any sweeping changes to the laws, individual countries, and the EU itself keep the GDPR laws under constant review and there have been slight amendments made to individual countries’ take on the GDPR laws. For example, the “UK GDPR” offers all the same rights and obligations as the EU GDPR laws and sits alongside it as a regulatory law for any business operating in the vicinity.
What rights do the GDPR laws offer?
Eight laws are outlined in the GDPR laws. These are made up of…
- The right to be informed, wherein a website must outline how they intend to use user data, typically in a site’s privacy policy.
- The right to access, where if a user asks to see the data gathered on them, the website owner must hand it over, usually in CSV.
- The right to rectification, wherein the user has the right to change or correct data that is wrong.
- The right to erasure, wherein the user can delete data.
- The right to restrict processing, where the site owner can collect the data but not process it.
- The right to portability or the right to use their own data for their own purposes.
- The right to object, specifically to having their data used in the ways outlined in your site’s privacy policy.
- Rights pertaining to automatic decision making such as profiling. The GDPR laws outline requirements for using data for automatic decision making, such as targeted marketing.
