What Are Your GDPR Rights, and What Are the Penalties?

GDPR Explained

By now you must have seen the deluge of articles and news reports on GDPR. What is GDPR, and what are your GDPR rights? GDPR stands for “General Data Protection Regulation”. GDPR is a series of laws spelling out the digital rights for citizens of the European Union. Many of the ideas outlined in GDPR came from an earlier regulation, and from an even older set of principles called the Fair Information Practices, which covers the ways consumer information should be used. The only analogous legislation in the US is the California Consumer Privacy Act, which will go into effect in 2020. While finally providing some protections for consumers, the California Consumer Privacy Act falls far short of the GDPR.

In Europe, though, GDPR represents one of the most robust data privacy laws in the world. It gives people the right to ask companies how their personal data is collected and stored and how it’s being used, and to request that personal data be deleted. It also requires that companies clearly explain how your data is stored and used, and get your consent before collecting it. “Personal data,” in this case, refers to things like a person’s name, email, and IP address, but also to obfuscated information that could be traced back to them. People can also object to personal data being used for certain purposes, like direct marketing. If you buy a pair of shoes through an online retailer and start seeing ads for similar shoes, you should be able to ask the retailer to stop using your personal data for direct marketing purposes. Under GDPR, those and other rights are guaranteed.

GDPR Defined

European citizens are granted these rights by law, but some companies may also give them to people elsewhere. “Some companies may realize it’s better to just extend GDPR protections to all their customers, period, rather than one policy for European citizens and one policy for the rest of the world,” says Richard Forno, a cyber security researcher and the Assistant Director of UMBC’s Center for Cybersecurity. Microsoft, for example, announced that it would give all users control of their data under the new EU rules, including a privacy dashboard that lets any user manage their personal information. Other companies, like Facebook, are changing their privacy settings and tools for all users globally, but not giving all users the same rights to their data as EU users.

In addition, companies in violation may be fined 20 million euros, or 4% of revenue, so this is certainly legislation with teeth.