As you’re aware, the General Data Protection Regulation (GDPR) came into force last week. It provides the strongest protections the world has ever seen when it comes to consumer and user data. All companies have had to up their game when it comes to their technology – including Apple. Even Apple had to strengthen its safeguards in order to meet the extremely high standards set by the GDPR. The interesting part about the GDPR is that while it only applies to European Union citizens, it’s going to affect privacy standards globally. Why, exactly? Well, it gets extremely complicated when it comes to applying different data-handling processes in different countries. And it doesn’t only apply to EU citizens who are physically in the EU. It applies to them, regardless of where they are in the world.
What kind of protections does the GDPR offer? Well, we're not going to go through all 99 separate articles, but we will tell you this:
- In order to process the data, there must be a specific, lawful reason. The law sets out six acceptable reasons to hold your data. This means a company has to be able to show one of the six acceptable reasons for holding the data or have your consent.
- Your personal data has to be encrypted. Even when you’ve agreed to let the company store your personal data, it must be stored in an anonymized or encrypted site. This is to ensure that if the company is hacked, your data is still safe.
- You have a right to a copy of your data. You have the right to see all the data that a company holds on you. In fact, Apple has recently met this obligation by providing a new privacy portal where EU citizens, along with those in the wider European customs union, can download a copy of all the data that Apple holds on them; and,
- You can ask for your data to be deleted.
If a company breaches one of the requirements, the law will actually do something about it. For the most serious breaches, the maximum fine is 4% of the annual worldwide turnover for that company. This means companies could be in a lot of hot water if they don't adhere to these rules.
What does this mean for US citizens? Apple has said that it will offer the same protections to users in other countries but hasn't yet given a deadline for this. Most companies that have said the same thing have also been vague on their timing. But at least they're heading in the same general direction, and it's for the better. Facebook, however, has issued a much weaker statement indicating that they will offer similar protections to those in other countries, but not up to GDPR standards. Overall, while the GDPR emails are extremely annoying, I think that these measures are incredible, as they allow individuals to know where their data is and how it's being used. Many Americans have had the experience of dealing with data breaches recently, so I can only see this as being beneficial.