The GDPR Basics: What Consumers Need to Know
What companies do with consumer data has always been a hot topic – where they store it, how they secure it, and who gets access to it. Often times, this data can get mishandled by organizations, creating a security headache for consumers in the process. Therefore, to ensure all companies are being held responsible for the way they handle consumer data, the European Union took action and created something called the General Data Protection Regulation (GDPR). Passed in April of 2016, GDPR was created to protect the personal data handled by companies – but what exactly does GDPR entail for consumers? Let’s take a look.
What is GDPR?
The General Data Protection Regulation (GDPR) is data protection legislation which was created in order to introduce tougher fines for non-compliance and breaches, and give people more say over what companies can do with their data. Replacing the EU Data Protection Directive of 1996, GDPR is more of an evolution of existing rules rather than a revolution, but it brings in important changes. These changes have been introduced due to the changing nature of the world we live, the volume and prevalence of data, and the value of personal data in an increasingly connected world.
Who Does It Affect?
With these rules coming into effect on May 25th 2018, it’s important to know what this legislation specifically impacts. The scope of “personal data” is broad, ranging from online identifiers such as IP addresses to social identities, but basically GDPR will cover anything that can be traced back to you as a specific individual, aiming to protect your personal data and to give you more control. It protects all EU citizens no matter what– in fact, it is irrelevant where a company collecting data is based in the world as long as they have EU customers. GDPR places a requirement on companies to “implement appropriate technical and organizational” measures with regard to how they handle and process personal data. These companies will be required to be able to:
- Offer proof that all individuals have provided consent for their data to be held.
- Demonstrate how and when this consent was obtained.
- Enable individuals to both withdraw that consent at any time and be forgotten (i.e. have their data erased).
- Enable individuals to have full access as to how their data is being processed.
How to Prepare for It
With GDPR fast approaching, the most important thing both companies and consumers can do is be educated and prepared. Consumers need to know their rights, and how GDPR will enable them to control what happens to their personal data. They’ll likely see more “consent” requests attached to any data collection. But remember – the majority of the change involved in GDPR will rely on compliance from organizations that hold consumer data.
More antivirus and malware news?
- Netgear Routers Plagued by Serious Vulnerabilities
- What corporate security pros should do about Shellshock/Bash bug
- Patch Tuesday of November 2016: Six Critical Bulletins, Eight Important
- Is a community approach to IT security ever safe?
- Accused NSA leaker was angry over Fox News always being on in the office
- Judge shuts door on attempt to get a new trial for Ross Ulbricht
- RCE, SQLi Flaws Found in Popular Web Apps
- Mysteries of the Panama Papers
- CTB-Locker Infections on the Rise
- Google Graveyard: What Google has killed off in 2015