GDPR becomes enforceable on May 25th, 2018 and will affect everyone who collects data from the European Economic Area (EEA) and European Union citizens.
What is GDPR?
The General Data Protection Regulation (GDPR) is a data protection regulation designed to harmonize data laws across Europe, empower individuals by providing more control over their data, and to reshape the way businesses process personal data. Personal data is now more broadly defined as being any information relating to an individual’s private, professional or public life including name, home address, photos, email address, bank details, browsing activity, posts on social networks, medical information, including IP address. Essentially, any information that can be used to identify a natural person is now defined as Personal Data.
What rights do users have?
Right to be forgotten also known as Data Erasure entitles the data subject to have the data controller erase their personal data from its systems and cease further dissemination of the data or processing of the data.
Right to access is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose in addition to being able to visualize the data a company may have on the subject.
Right to portability is the right for a data subject to receive the personal data concerning them and have the right to transmit that data to another controller.
Right to rectify & correct is the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Right to file a complaint is the right for every data subject to lodge a complaint with a single supervisory authority.
Right to revoke consent is the right to easily withdraw consent as it is to give it. Meaning consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language.