Unless you somehow manage to avoid any discussion about online privacy, you will have heard GDPR mentioned. GDPR stands for General Data Protection Regulation, and is a new European Union-wide data protection system. So long as you do any business with an EU citizen, you are expected to adhere to these new rulings.
What is it, though? And what does it matter?
Let's take a look at what GDPR is - and what it is not. It's a very confusing piece of legislation but, in the end, is pivotal to a safer internet.
What is GDPR?
It's a set of new rules and regulations which puts the power back into the hands of the consumer, the folks at Casipy have an interesting infographic on the subject which you may want to check out. You see, before May 2018, if you use a website, you were basically giving them free reign to do as they please with your data.
Privacy policies and similar were vague or, worse, extremely long and complex. They would make it so complex that most would just hit Agree and hope for the best. That's a big problem, though, and would often cause more than its fair share of issues as time goes on.
It also led to various data breaches and privacy issues. Data that was supposedly safe and secure now wasn't so safe, and our very privacy and details were made for sale. If you wanted to use a certain site or service, though, it was either bite the bullet or face the consequences later on.
If you want to avoid that issue, you had to stop using the site. With GDPR, however, this is coming to an end. You now have total control over:
- What you provide a company with.
- How they can use that information.
- What right you have over the usage of said information.
- When and how the information is accessed.
- How the company who holds the information can contact you.
This means you once more have total dominion over your own personal data. Now, companies need express permission to use your information. A failure to do so could see a company fined as much as €20m by the EU.
It's a major legislative change, and will mean we no longer need to give companies permission to use our data in ways we wish that they could not. That, make no mistake, is a very good thing and can only benefit customers and users.
Common GDPR misconceptions
One of the biggest misconceptions about GDPR is that it puts small businesses at risk. Basically, so long as you are legitimate in how you use your data and you are more transparent, you should have little issues. GDPR specialists can evaluate your in-house policies and systems to build a more cohesive structure meaning that you can avoid running risk of any GDPR faults.
Also, this is not something that crept up on us. Many say they had 'no time' to get ready for GDPR: this is absolutely not true.
GDPR was coming for a long time, and there was absolutely nothing that could be done to stop it. With several years of discussion and a cut-off point for getting GDPR ready of May 2018, though, there was ample information about it coming.
Another mistaken claim about GDPR is that it kicks in immediately and is quite a dangerous issue. This is not the case. You will be given ample warning about the issues at hand, and if you are not complying with GDPR standards then they will let you know about it.
You will get a couple of warnings long before a fine would be handed out, though. Anyone suggesting that a first offence GDPR fault would see you fined so much money is just drumming up paranoia. This is not a negative system: the only people who will be hurt by GDPR are negligent businesses who do not pay attention to the importance of data privacy.
The internet has grown at such a scale and pace over a short period of time that it has become quite lawless. Tools like GDPR help to fix that and re-balance the scales, so to speak. That will be essential for long-term progress and safety for all online. Don't treat GDPR as the enemy: stick to its system, and it will very much be your friend.