GDPR, how privacy is changing

July 06 10:30 2018 Print This Article

On May 25th 2018 the GDPR (General Data Protection Regulation) officially came into force: a regulation on data protection proposed by the EU in order to guarantee better privacy safeguarding for European internet users.

The personal data discussed in the section dealing with the web includes information such as names, surnames, IP address, location, search engine history of websites and in general, all the information used by companies to optimise the targeting of advertising campaigns.

According to this document, the various companies which deal with citizens of the Old Continent must conform to the new regulations. That means that multinationals like Facebook, Instagram, Twitter etc. are obliged to follow the rules.

In brief, the GDPR states that all European citizens must authorise the collection of their personal data, before companies can take possession of it.  Furthermore, those companies must also allow users not to give their authorisation.

But that’s not all: according to the new regulations, the EU population has the option to request and obtain a copy of the information supplied to the companies which provide a service.  For this reason, companies such as Instagram have started to permit the downloading of their archives.

The procedure seems straightforward and practicable so far, but in some parts of the document things become more complicated. This is the case for example in the section of the GDPR relating to the protection of citizens who supply their own data to a ‘foreign company located in a non-European territory’.

How can the regulations be applied to such a situation? What guarantees can be given to citizens of the European Union who allow their data to be processed abroad? An answer to these questions is not yet available, but these issues will hopefully be clarified soon.

From a practical point of view, with the GDPR, users will be asked more frequently for their consent before certain information is accessed. This will happen every time changes are made to an account (changes which must be explained with absolute, total clarity).

In addition, all sites will have the responsibility of transparency when supplying information on the data collected and on third party companies they work with, for example for advertising, (according to the EU it is fundamental that users should also be protected in the case of data sharing between companies working together).

A separate point relates to data stored in Cloud: in such cases, it is foreseen that the company providing the service should be able to demonstrate that the saving and transfer of information is carried out in accordance with the regulations stipulated in the GDPR.

According to some privacy experts, in order to simplify the procedure, businesses should only work with companies who are able to provide robust guarantees on data protection. These guarantees enable the risks to be reduced and security to be increased.

As for sanctions (to be imposed for all violations), anyone who does not follow the GDPR regulations risks a fine ranging from 4% of company turnover to a maximum of 16 million euros.

These strict measures have led to a great deal of controversy during the presentation and approval of the General Data Protection Regulation. The protests mainly resulted from the fact that, according to some, this system will penalise medium-sized businesses more than larger ones.

The original article was originally posted here:

view more articles

About Article Author

GDPR Associates
GDPR Associates

View More Articles
write a comment


No Comments Yet!

You can be the one to start a conversation.

Add a Comment