Beginning from May 25th, 2018, companies which operate in the European Union have to adhere to the GDPR. Coursedot has a special quick and easy guide to provide the basics of GDPR. This is the second part of the series. The first part is right here.
Now, let’s continue with the second part.
The Need for Regulation
Over the past few years a lot has been said about data collection by online services and social media. The topic has been treated as something new, but it really isn’t. Online data collecting has been a thing for a very long time. From the moment you are connected to the Web, you’re sharing data. This is not to scare you. It’s normal, but people are just now starting to realize this. With that said, over the last few years there has been a huge jump of the amount of data being collected. Even flashlight apps for mobile phones collect some data (how normal is that is another question). Long story short, every moment you’re online, some app, service or software is collecting some sort of data about you.
Obviously, users who just find this out aren’t that happy about it. It’s not a good feeling to know that some algorithm out there knows so much about you that it can choose what type of dinner you would prefer during your future trip to a new city.
Of course, then comes the question of what actually happens with the data that is collected. Up until now people were relying on the good word of the company which collects their data that everything is going to be fine and the data is secure. For the most part, that is actually the case. A data breach or data misuse could seriously hurt the reputation of a company, so most of them are making sure they are doing everything they can to keep users’ data safe.
Time to change things
But there are still issues. There are entities that collect as much data as they can for the sole reason to sell it to marketers afterwards. Hackers often try to lure users to share their data with legitimate looking apps and sites. There are also a lot of unknowns about what actually happens with the data. Most companies don’t really give users enough information about what data they collect, how they store it, for how long they keep it and how they use it.
No matter what companies say, users have the perception that something is not right. They want more information about what happens with their data and why. In order to give them that information and make sure data in the future will be taken good care of, the European Union (EU) created and introduced the General Data Protection Regulation (GDPR). It’s a result after an EU investigation which concluded that the way businesses collect information has to be changed and regulated.
The Regulation is coming
The GDPR will come into permanent effect on May 25th, 2018. It applies to all companies which are selling, collecting or storing users’ data and offer their services in the EU. The GDPR is mandatory for all member states and they have to implement it into their local privacy laws.
The GDPR aims to answer the concerns about what happens with user data. It also gives people more control over their own data and takes away some control from the companies.
Sounds great, right? The problem is just as people don’t know what happens with their data, companies don’t know what to do with GDPR. The EU sadly hasn’t done as much to bring light to GDPR for companies. Instead, it focused on consumers and made sure they know that from May 25th, 2018 they have more control over their data. As a result, the vast majorities of professionals had or have issues understanding what they have to do.
Next up, we will take a look at the GDPR in a nutsheel.