5 reasons why the General Data Protection Regulation is a milestone in data protection

It changed the way everyone thinks about how companies around the world collect and use the personal data of EU citizens

May 25, 2018 seemed like an ordinary day across the (then) 28 Member States of the European Union. It was, however, a chaotic day in the offices of many companies within (and often outside of) the European Union.

In the run-up to this day, companies sent countless emails to their customers and users asking them to consent to receiving newsletters, something they had never asked for before. At the same time, many companies, often without dedicated staff for the task, were trying to figure out what data they actually held about their customers and how to organize and protect it going forward.

So what was this historic event?

On this day the General Data Protection Regulation (GDPR) came into force, fundamentally changing the way everyone thinks about the use of personal data by EU and non-EU companies that collect, process and store data about EU citizens.

Four years later, consumers in Europe already expect companies to comply with these rules when they click the ‘accept’ or ‘agree’ button on a website’s terms and conditions (which, let’s be honest, hardly anyone reads), and they also assume that the regulatory authorities will enforce the regulation.

So what are the key changes?

Before the GDPR, nobody really knew what kind of customer data companies held. Did Facebook store only our name, phone number and email address? Did Google track our searches? What does Netflix know about us based on the content we watch? And how have these companies used that knowledge?

1. To answer these questions, the General Data Protection Regulation (GDPR) covers a wide range of collected data:

  • Basic identity information – name, address, identification number, religious affiliation, political opinion, racial or ethnic origin and sexual orientation.
  • Health data – health status, blood tests, COVID-19 vaccinations, etc.
  • Communication data – geolocation, IP addresses, web history, phone calls and SMS.
  • Other data – such as bank details, shopping details and app usage.

2. Businesses must respect the eight rights of citizens:

  • The right to be informed that their data is being collected and used, for how long, and how it is being shared. The information must be presented in simple and accessible language.
  • The right to access any data processed by the company, as well as the reason for collecting it and the source it came from.
  • The right to rectification if some of the data is incomplete or incorrect.
  • The right to be forgotten: if at any time an individual withdraws the consent given to a company to keep that data, when the data is no longer needed, or when it has been unlawfully processed.
  • The right to restriction of processing, as an alternative to erasure. Users can simply request that their data not be used for specific purposes. For example, one could give permission to use the data to personalize content within a streaming platform, but not in marketing campaigns.
  • The right to object to further data processing.
  • The right to transfer data (data portability). When a user wants to access the data collected by one company and transfer it to another, the bottom line is: your data is yours. You can take it anywhere.
  • The right not to be profiled on the basis of a set of characteristics that may determine behavior, beliefs, or other information.

3. It has global implications

One might assume that this regulation was a radical change only for companies based in the European Union, but the implications go much further. The General Data Protection Regulation (GDPR) applies to all companies that offer goods or services to, or process the data of, any citizen of the European Union. Likewise, data on EU citizens can only be exported to (and used in) countries with comparable data protection regulations.

As one of the three largest economies in the world, the European Union attracts investment from all directions and sets the General Data Protection Regulation (GDPR) as the minimum standard for operating in each of its 27 member states. Not surprisingly, data protection authorities around the world are drafting national laws to harmonize the rules that companies must comply with.

This is the case in Canada, Argentina, Brazil, Uruguay, Japan, New Zealand and, more recently, South Korea. In fact, Canada’s PIPEDA has been in force since 2001 and strongly inspired the EU law in establishing accountability as a key legislative principle, but with one key difference: unlike the Canadian law, the General Data Protection Regulation (GDPR) applies not only to commercial actors but also to government agencies.

The landscape in the United States, however, is more fragmented. At the federal level, several laws regulate specific areas: HIPAA for health, FCRA for credit ratings, FERPA for education, GLBA for credit and investment data, ECPA for communications surveillance, COPPA, which restricts the processing of data about children under 13, VPPA for video rental records, and the FTC Act, under which companies are held to their own stated data protection policies. Only five states have comprehensive privacy laws that are in effect or will take effect next year: California (the CCPA and its announced “update”, the CPRA), Colorado (CPA), Virginia (VCDPA), Connecticut (CTDPA), and Utah (UCPA).

4. A data breach must be reported within 72 hours of discovery.

One of the biggest changes introduced by the GDPR was the obligation for companies to report a data breach within three days of becoming aware of it. By comparison, the reporting deadline in the United States

This requirement prompted companies to create proactive plans for remediating data breaches, rather than succumbing to the temptation to wait too long in order to avoid a PR crisis. Such incidents are common, and citizens need to know when their data may have been compromised so that they can take action.

5. Breaking these rules results in fines

These are certainly not just empty words without meaningful consequences. The General Data Protection Regulation (GDPR) is being enforced: as of May 23, 2022, GDPR violations had resulted in 1,093 fines totaling 1.63 billion euros ($1.74 billion), and the largest enforcement actions made news around the world, affecting the operations of major tech companies.

In 2021, Amazon was fined 746 million euros ($865 million), the highest amount ever, for targeted advertising without proper consent. The case was brought against Amazon by the Luxembourg authorities, where the company has its EU base, following a complaint filed by the French organization La Quadrature du Net on behalf of the 10,000 people who signed its petition. Also in 2021, Google was fined €90 million ($102 million) for not offering French residents an easy way to opt out of cookies. (Cookies are partly regulated by the ePrivacy Directive, but the General Data Protection Regulation (GDPR) applies because it governs how consent is handled.) Google Ireland and Facebook were fined for the same reason.

Other well-known companies, such as the clothing brand H&M and British Airways, have also been fined and forced to adjust their data protection mechanisms.

You are in control of your data

This is one of the most common messages companies send these days. It gives you a feeling of empowerment and signals that companies comply with data protection rules.

The General Data Protection Regulation (GDPR) was certainly an important first step in ensuring the security of our data. But the mere existence of this regulation shouldn’t stop us from asking why the data needs to be collected at all. Why do companies need to know so much about what we do, where we go, or how we dress? What alternatives do we have if we do not consent to the use of a certain part of our data? Can we find alternative services?

If so many services and apps are happy to give us free access in exchange for our data, what is the true value of that data, such that it exceeds the revenue they could earn from subscription fees?

This is definitely a conversation we are all going to need to have sooner or later.