Everything You Need to Know About EU’s General Data Protection Regulation (GDPR)

The European Union recently passed new legislation, called the General Data Protection Regulation (GDPR), to protect its citizens’ privacy and to control companies that collect and store their data. The law has already come into effect and changes the rules for companies that deal with the data of European citizens.

Such companies are now legally bound in the 28-member EU and will face severe penalties if they fail to comply. The GDPR was introduced two years ago, in April 2016, and companies were given a two-year period to comply.

It requires companies to be more open with their users about how their personal data is being used, while also ensuring complete transparency about where the data goes, with whom it gets shared, and vice versa.

The Facebook-Cambridge Analytica scandal caused a massive privacy uproar, as the social network’s lax privacy control jeopardized the personal information of tens of millions of citizens. Do note that the GDPR targets more than just social networks or companies similar to Google; it applies to everyone with a digital presence, including banks, insurance companies, and other institutions that are entrusted with public data.

This means that UK-based digital companies will have to make a complete policy change to avoid fines and to comply with their new national law.

Does it Affect Pakistan?

Yes, it does.

The reason is that, besides binding EU-based entities that deal with public data, the GDPR also applies to all companies that store, collect, process, or deal with information on EU citizens. This includes non-EU companies that reside elsewhere, so no matter where a company operates from, it still has to do a complete policy overhaul.

To avoid fines and legal action in the European Union, such companies will have to change the way they handle public information, which is why most major online services that have users in the EU, such as Google, Facebook, and Twitter, will be affected. The only difference is that, as a non-EU citizen, you won’t get to file complaints against companies you suspect of abusing public data.

The newly introduced privacy policies and reforms will cover every customer, no matter the geographical location. If you check your email, you might have received messages from online services that changed their policies with respect to the GDPR. All in all, it’s a global change and, as Mark Zuckerberg said, “a very positive step for the internet.”

What Exactly is GDPR?

The General Data Protection Regulation is meant to give EU residents more insight into, and control over, the data they hand over to companies in order to use their services. Online services, even the large multinational ones, more often than not exhibit poor privacy control, which is why the government implemented these changes to protect citizens’ rights.

It defines the scope of “personal data” and sets a guideline for businesses so that they can continue to provide their services while being careful when dealing with users’ personal data. Companies are now required to hear out the preferences of their customers, and can be forced to change the way they deal with that data if a customer objects. Moreover, companies are required to inform each and every user of a data breach within 72 hours.

It also binds entities to give their customers, especially EU residents, the privilege to delete, monitor, and correct their data on demand.

What it Means For the Internet

Most social media companies, including Facebook, have updated their privacy policies. They are now bound to provide privacy control features to their users. The GDPR covers your names, identification numbers, and your online activity as well.

We did a previous post which highlighted the amount of data Facebook stores per user; it included a number of items, including call logs, SMS activity, page visits, IP address, interests, and even private messages.

These networks also track your real-time location for suggestions and advertisements. Google has a complete timeline of the places you have visited ever since you signed up for an account. It was a shocking revelation for most people, as the companies never actually notified them that the data was being used this way.

All of this is covered by the GDPR. Users will now be able to stay in touch with their online data, as companies will now notify them and ask for permission before getting access.

In the EU, GDPR supervisors will be spread throughout the region and will closely monitor public data. Of course, residents will also be able to file complaints with the supervisor in their own state. Non-compliant companies will face severe fines of the higher of 20 million euros or 4 percent of their last financial year’s annual revenue.