31 Oct GDPR: Citizens rights and the expected effect on Business
How does the GDPR strengthen citizens’ rights?
GDPR is “shorthand” for the new European General Data Protection Regulations – the biggest change to data regulation in the history of the EU.
The GDPR gives people greater control over how their personal data is used and governs the way every business must handle personal data – including their employees. It also gives regulators greater powers to impose heavy penalties on businesses who fail to comply.
The new GDPR will ensure that you receive clear and understandable information when your personal data is processed. Whenever your consent is required, it will have to be given by means of a clear affirmative action before a company can process your personal data. The new rules will also strengthen individuals’ right to be forgotten, which means that if you no longer want your personal data to be processed, and there is no legitimate reason for a company to keep it, the data shall be deleted.
The new Regulation will also guarantee free and easy access to your personal data, making it easier for you to see what personal information is held about you by companies and public authorities, and make it easier for you to transfer your personal data between service providers – the so-called principle of ‘data portability’.
The reform requires organisations to notify both individuals and the relevant data protection authority without undue delay, where feasible within 72 hours, if data is accidentally or unlawfully destroyed, lost, altered, accessed by or disclosed to unauthorised persons, where there is a risk to individuals’ rights.
‘Data protection by design’ and ‘Data protection by default’ will also become essential principles in EU data protection rules – this means that data protection safeguards should be built into products and services from the earliest stage of development, and that privacy-friendly default settings should be the norm –for example on social networks.
These rules will strengthen individuals’ rights in a practical way. The Commission and the national data protection supervisory authorities will raise awareness of these rights and how they can be used in the most effective way.
Better data protection rules mean that you can be more confident about how your personal data is treated, particularly online. These stronger data protection rules will help increase trust in online services, so that you are able to use modern technologies in a more confident way and so fully reap the benefits of the internal market. New, clear and robust rules for the free movement of data will also help businesses grow within a data protection friendly environment boosting the demand for innovative services and products.
How the GDPR affects business?
- Communication: Using plain language, explain who you are when requesting personal data and why you are processing this data, how long you will store it for, and who will have access to it.
- Consent to process the data: in the instance of children and social media, checking the age limit for parental consent.
- Access and portability: let people view all the data you have on them and allow people to transfer this data from one provider to another.
- Warnings: informing people of data breaches or issues.
- Erase Data: this gives citizens the “right to be forgotten” i.e. the right to request that a company erase the personal data it is storing about them, for example the comments people make on social media in their youth are not always content they want their future employers to see.
- Profiling: if you are profiling someone’s information, for example for a loan application, financial institutions must now ensure the final decision is always made by a person and not a machine and the applicant has the option to contest the decision.
- Marketing: this applies to most companies operating in today’s business world. With GDPR there must always be an option to easily opt out of any marketing.
- Safeguard sensitive data: ensure an EU citizen’s data around their health, race, religion, sexual orientation and political beliefs is safeguarded at all times. This would apply to doctors and medical professionals.
- Transferring data outside the EU: making legal arrangement for any data being transferred to non-EU countries.