New EU data protection law

By 20th April 2016November 21st, 2017Technology & Business Intelligence
European Privacy Laws | Security cameras

The word Data isn’t usually greeted by cheers and high fives. Data Protection Law, even less so. Although boring, it’s mighty important. On the 14th of April 2016 the EU voted in favour of a new data protection laws. This is a massive update from the previous regulations that are as old as Justin Bieber.

Under the General Data Protection Regulations (GDPR) companies and services are required to be opt-in rather than opt-out by default. This means for example that social networks’ default setting has to be set to the strictest possible privacy settings. It’s up to its users to share more data if they want.

Another notable change will be the language used to describe privacy policies. The language used has to be clear and plain. If you’d ever actually scrolled through terms and conditions for example, you’d understand why this is a relief.

Companies with plenty of personal data will have to hire a Data-Protection Officer. As data is becoming increasingly important for marketing, customer service and as a service in itself, this is likely to affect numerous ecommerce companies.  Citizens will also have more information on how their data is processed and if it’s been hacked or disclosed in some way.

A Guide to GDPR

Remember the EU Cookie Law? Some companies comply, some don’t. The GDPR will be more hard core. If the GDPR is breached companies can be fined up to four percent of its global turnover. If you’re Google, that will hurt.

Individuals in EU already have the right (to some degree at least) to ask search engines to remove links leading to personal information. This right will be strengthened and the requirements for this will be clearer.

The GDPR will not come into force until April 2018. This gives member states two years to implement the new directives into national law.

In summary, the new law covers the following:

  • A right to be forgotten
  • Consent to the processing of private data
  • A right to transfer your data to another service provider
  • The right to know when your data has been hacked
  • Privacy policies are explained in clear and understandable language
  • Fines up to 4% of firms’ total worldwide annual turnover, as a deterrent to breaking the rules.

The new regulations are designed to “give citizens more control over their own private information in a digitised world of smartphones, social media, internet banking and global transfers.” One of the big questions however is if the new regulations will have to be re-written once the Internet of Things really kicks off…?

Want to find out more? Here are a couple of useful links:

Preparing for the general Data Protection Regulation (a 12 step guide)