General Data Protection Regulation (GDPR)
On the 25th of May 2018, GDPR became law. GDPR replaced existing laws to protect the rights of EU citizens.
The new General Data Protection Regulation exists to protect us all. For years legitimate and criminal organizations have been misusing personal data. The so-called legitimate businesses buy and sell personal data. Companies use the data for marketing purposes, including traditional mail campaigns, telephone marketing, and unsolicited commercial email (SPAM).
Gathering information has been underhand and dishonest, using default opt-in settings on web pages and making users opt out. Options to share data with “trusted partners” mean selling personal data to the highest bidder.
Users will have to opt in to share their data, and companies won’t be allowed to assume one opt-in means the user has opted in to share all their data for life. Organizations must disclose what data they have stored about an individual and delete it if requested.
Companies are responsible for keeping personal data safe. We have all seen stories in the news where government agencies and the police have lost data by leaving a laptop on a train or having it stolen from a car. Laptops and memory sticks are especially vulnerable and need encryption.
GDPR in the real world
These new regulations will be a legal minefield of conflicting interests where tax law and GDPR conflict and where the practicalities make compliance very difficult.
There will be problems where requests to remove data from backups are impractical, and the data is restored unintentionally.
Individuals won’t know who holds their data because of past abuses.
Corporate lawyers will be rubbing their hands as GDPR will be a real money-spinner.
Criminals won’t notice this anyway: most operate outside of Europe and, being criminals, ignore the law. So don’t expect the SPAM and marketing materials to stop.
The government says fines won’t be the first resort to ensure compliance.
It seems unlikely the government will have the resources to enforce this on day one, if ever.
Visit the official EU GDPR website.