If you have a lot of online accounts, you have likely received many notices over the last few weeks regarding privacy policy updates. There is a simple reason for this. It’s called the GDPR or the General Data Protection Regulation. If you don’t live in the European Union, you might not be familiar with it. It is an EU law that goes into effect tomorrow (May 25, 2018) “to give control to citizens and residents over their personal data.” Because so many Internet-based companies do business worldwide, it is easier for many of them to simply adopt the practices necessary to meet the GDPR for all of their users. That’s why you are getting all those emails asking you to review new privacy policies.
So how does the GDPR affect citizens of the EU and the users of companies that adopt the GDPR in general? Here are some highlights.
- Companies who collect any personal information from you must
- clearly disclose what data is being collected and how
- why it is being processed
- how long it is being retained
- if it is being shared with any third-parties
- You have the right to request a portable version of the data collected and stored about you in a common format that would be easy for you to read; in other words, they can’t send it to you in a file format that you would need to purchase expensive software to read
- You have the right to have your data erased in certain circumstances
- Any breach of data must be reported within 72 hours
- And any business who primarily processes personal data must appoint a Data Protection Officer (DPO) who is responsible for managing all this
Keep in mind that these regulations only legally apply to those individuals within the EU and companies who do business within the EU. However, since so many companies do business around the world and collect personal information to do so, there is a high likelihood that you will have many more ways to control how your data is stored and shared.
Be sure to not simply ignore all those updates to those privacy policies. It is worth taking a little time to review them. They should be much easier and clearer now in many cases due to the new GDPR regulations that take affect tomorrow in the EU.