You're probably wondering why your email inbox has been filled with messages announcing you changes to the privacy policyThe reason for this is that as of May 25, 2018, it is mandatory comply with the European Union's GDPR.
The Internet is part of our daily lives, we are always connected to applications through our smartphones and computers. We access web pages that store information about what we do, where we are and they know our preferences. Every time we log in and browse, we generate data.
In all these data are interested many, but many companies, because knowledge is power, and this information generates large amounts of moneyAnd as always, they appear deviations from proper use, resulting in abuse and theft. All of this led to the European Union to take action to protect data.
For this reason, they decided to create a Law to Regulate the Management and Protection of Data, called by its initials in English “GDPR”. Now, for some time now, we have heard everywhere, What is this? What does it mean? What are we facing? So in this post you will clear up any doubts regarding this regulation.
What does GDPR mean?
GDPR stands for General Data Protection Regulation. It would be translated as General Data Protection Regulation (GDPR)It is a law created by the Parliament, the Council and the Commission of the European Union, where it is intended unify the security of data of individuals within the political community and outside it.
This regulation appeared on April 27, 2016, but the May 25, 2018 became mandatoryThis gave companies around the world a chance to catch up with these regulations.
It should be noted that It is the first law that affects all countries of the European Union equally. It was a regulation that many companies were requesting in unison. Because, if they wanted to enter this community, had to comply with 28 different legislations.
Therefore, companies located outside the European Union and using data from citizens of the old continent must comply with the legislation.
What is the purpose of the GDPR?
This European Union Law It has fundamentally 2 objectives, first of all, to grant people a greater control over the use of your data personal data by third parties.
And secondly, offers a simpler legal environment, so that businesses can operate with the same regulations across the political community.
In other words, we will have new rightsThe law aims to protect our data. So they tell us what data they collect, what they're going to do with it, and establish an understandable privacy policy. In addition, they should have the option to their permission to continue using our data can be revokedIt also allows the power to request a copy of the information used, as if it were an audit.
For example, if we want Google to delete certain information about us, we can request that it be deleted with the right to be forgotten, as established by law.
Who does the law apply to?
In this world of data, The law indicates that the “data controllers” determine how and why personal data is processed. And the "data processors" They are the ones who carry out the data processing.
Hence, both must comply with the regulations, and if any of them are outside the political community, they must continue to apply the law while they are processing personal data of European Union residents.
If they violate the regulations, they could be fined 41% of their annual turnover or €20 million, whichever is higher. However, if the violation is minor, the fines could be 21% of their annual turnover.
Data types according to the regulation
The law establishes two levels of data. The first specifically identifies us as users, such as ID, IP address, email address, account numbers, or any other information associated with our identity, and will have additional protection.
At the next level, we find less important information, such as zip code, place of birth, or residence. Anyone can access this data. These are just a few, as the list is longer at both levels.
What must be done to comply with it?
If you are a "data controller" or "data processor," you must be familiar with the regulations in detail to determine their scope. You can obtain this document at the following link.
On the other hand, they must create a data log, which would be like a GDPR diary, so that the process can be audited by the Data Protection Association (DPA).
They must then classify the data to understand what vital information they need to protect and how they are currently doing so. This would also determine where it is stored, who is viewing it, and how it is shared.
In short, this new law will generate a series of adjustments in data processing, from large to small businesses. Many of them will likely implement these GDPR modifications globally and thus have a single regulation for all their users.
As users, do we have to do something?
For now, no, as many services will tell you they've already made the relevant changes according to the law. Many companies assume they don't need new consent, as they have legitimate reasons for retaining the information.
However, if a service deems new consent necessary, they would send a message, and if they don't respond, they wouldn't be able to use your data. In other words, they would be unsubscribed.
So, you can see why our inboxes are flooded with emails from all the websites we're registered with. It's been two years, but most of them started sending privacy policy updates in the last few days.
Time will tell if it is beneficial.
In this way, we might have a scenario where the European Union, with this law, strictly regulates data handling, but in the Americas it would remain liberal.
In conclusion, with the GDPR, the European Union gives users more power over their data, confronting companies that want to know everything. Because data has become a multi-billion-dollar business through personalized advertising. It remains to be seen whether it will bring real benefits in practice.
Image: Pixabay
Español de Colombia
English
Português do Brasil