GDPR. Again. Ugh!
Your inbox has been flooding with reminder after gosh darn privacy reminder. But… why are you being bombarded with privacy update emails?
The General Data Protection Regulation, or GDPR, came into effect in the European Union May 25, 2018. As a result, many companies are changing their privacy policies worldwide. Here’s what this means and how it affects you.
What is the GDPR?
If you’ve ever logged in to a website or used an app that does business in Europe, you’ve probably seen the acronym GDPR. You’re likely seeing it more now, when companies are contacting you to tell you about updates to their privacy policies.
These policies are governed by the European Union’s (EU) General Data Protection Regulation (GDPR). These new rules signal the first attempt to make privacy the default setting on the Internet. They’re designed to
- harmonize data privacy laws across Europe
- protect EU citizens’ data privacy
- reshape the way organizations across the EU approach data privacy
The GDPR affects not only organizations located within the European Union, but also organizations outside the EU if
- they offer goods or services to EU residents; and
- monitor the behaviour of EU residents
Regardless of a company’s location, the GDPR applies to all companies processing and holding the personal data of people residing in the European Union.
What does the GDPR mean for user data and data privacy?
The new GDPR rules require that companies obtain explicit permission from customers to use their data. Therefore, if you’re a business with dealings with the EU, the GDPR could alter the way you collect information online.
Businesses can’t use people’s information for additional, secondary uses unless they have the data subject’s consent. If users have shared their information to stay connected with family and friends, companies can’t automatically use that data for targeted ads.
Also central to the GDPR is the notion of data portability: if users switch companies at any point, they have the right to obtain and transfer their personal information. If users choose to invoke their “right to be forgotten,” companies have to erase users’ personal data, including what’s publicly available on the Web.
Are there penalties for non-compliance?
Companies that think they can simply look the other way have another think coming. Penalties for non-compliance are steep: companies breaching the GDPR can be fined four percent of annual global revenues or €20M.
Although the GDPR is intended to safeguard the privacy of those residing in the European Union, it also raises the bar for other nations, including Canada. Canadian privacy advocates are glomming onto the GDPR to seek updates to the Personal Information Protection and Electronic Documents Act (PIPEDA), our own online privacy law.
Want to learn more about the GDPR?
Still unsure about GDPR? Take another look at the emails you’ve been receiving and follow the links to the various companies’ updated privacy policies. If, among the deluge, there are messages from sites and web applications you don’t remember signing up for, this is your opportunity to unsubscribe and to let them know you don’t want to stay in touch.
You can also refer to the EUGDPR website for answers to frequently asked questions and other key information about the General Data Protection Regulation.
Finally, if you have questions about data privacy and keeping your information safe online, we can help. Contact us today for advice.