Also known as the GDPR, the EU General Data Protection Regulation is a piece of legislation that was adopted in April 2016. It was approved to replace the obsolete Data Protection Directive, which had been operational since 1995. The GDPR contains provisions and regulations that require organizations, companies and businesses to protect the privacy and personal data of EU citizens for all transactions that occur within EU boundaries. The General Data Protection Regulation was adopted to give consumers control over personal data collected by companies within the region. However, it also applies to companies outside the EU as long as they are offering services or products within the region.
The GDPR mainly emphasizes the issue of consent. Under this policy, businesses can no longer use confusing or vague statements to convince you to provide them with your personal data. Apart from that, companies are no longer in a position to tie consent to other things in an attempt to lure the consumer. In short, you cannot consent to numerous items by clicking a single agreement. All consents have to be given individually. Firms that attempt to circumvent these rules will face dire consequences. Also, companies must make it easy for consumers to withdraw consent. When it comes to children below 16 years, a person bearing parental responsibility must give consent to data collection on their behalf. Moreover, companies within the jurisdiction of the European Union must notify their data protection agencies within 72 hours of a data breach, once they become aware of it. The data processor is then required to notify consumers immediately once the breach occurs.
As far as user data is concerned, the GDPR has given consumers greater control. For instance, you can access personal data being stored by firms, and find out its purpose and where it has been stored. You also have the right to be forgotten, which means you have the power to ask whoever is holding your personal data to erase it permanently and to stop third parties from accessing it. You can also take your stored data or information and transfer it to another service provider.
Consequences of Breaking the Rules
So, what are the consequences of breaking these rules? Any business, company or organization that goes against the GDPR faces a fine of up to 4% of its annual global earnings or 20 million Euros, whichever is bigger. As you probably know, most global technology companies earn billions of Euros in annual turnover. Therefore, it can be a huge setback if they are found to be in breach of these regulations.
Effect on Firms
All major organizations have been given a grace period of two years to prepare for the GDPR. Most of the large technology firms have already notified their user base about these changes as well as what they are doing to comply. Most social media platforms, such as Facebook and Twitter, are expected to experience a considerable drop in monthly users. Apart from that drop, companies that rely on big user data for their marketing campaigns will also experience a significant hit.