After four years of negotiations, the European Union has finally passed the General Data Protection Regulation (GDPR). This new directive is designed to give EU citizens more control over their data, as well as impose more responsibilities and tougher penalties on companies that misuse or mishandle personal data. Many EU members already have laws to protect personal data, but this new regulation is stricter and carries a much tougher penalty than anything that is currently implemented.
The GDPR establishes three rights for EU citizens in relation to companies that collect and store their data. The first is the right to “be forgotten.” People in the EU can now ask a company like Facebook to delete any data the company has collected on them. The second right is the right to “be notified.” Companies will now be required to give individuals more comprehensive notifications if they process those individuals' data. The third right is the right to “data portability.” This gives individuals the right to switch their data from one service provider to another. This would allow individuals to, for example, keep the same contact list after switching to a new email provider.
In addition to these rights, the law also imposes responsibilities on companies to make sure these rights are protected. Companies must keep track of data in a way that is easily auditable. Companies that handle a significant amount of personal data must appoint a data protection officer. Companies that do not comply with these regulations will face a fine of up to 4 percent of their global income from the previous year or €20 million ($22 million), whichever is greater.
This new law is likely to have a major global impact, as it will affect any company that conducts business in the EU, regardless of where the company is based. Major players like Facebook, Google, Apple, and Microsoft will have to abide by these rules if they want to continue to access the European market. The law will only be fully applicable in 2 years, which gives companies until 2018 to adjust their policies to comply with the stricter regulations. The final text of the law does not appear to be available online yet, but likely will be published in the near future.
Do you think this EU regulation is a good idea? Leave your comments below.