GDPR explained: How the new data protection act could change your life

Channel 4 News

23 May 201805:40

Summary

TLDRThe General Data Protection Regulation (GDPR) is a major overhaul of EU data protection laws, giving people greater control over their personal data. Companies must now seek explicit consent to store and process personal information and face hefty fines for non-compliance. The regulation also introduces new rights for individuals, including the right to access and the right to be forgotten. GDPR impacts not only EU citizens but also global companies handling EU data. While it's seen as a step toward greater accountability, critics argue it may burden businesses and contain loopholes that allow big companies to evade full responsibility.

Takeaways

😀 GDPR is a major shake-up in data protection laws, giving people more control over their personal data.
😀 The GDPR requires organizations to prove they have a lawful reason to collect personal data and ensure its safety.
😀 Companies must get explicit consent from users to store their data, and this includes sending confirmation emails.
😀 If users don’t respond to these consent emails, companies are required to delete their data from their systems.
😀 GDPR includes serious penalties for companies that fail to comply, such as fines up to 4% of their annual turnover.
😀 Consumers now have the right to access their personal data and can demand that companies hand over all information they hold on them.
😀 GDPR grants the 'right to be forgotten,' allowing individuals to request the deletion of their data in certain cases.
😀 Certain sectors like hospitals, governments, and journalism are exempt from the 'right to be forgotten' rule.
😀 The UK plans to adopt GDPR rules, regardless of Brexit, and the law impacts companies worldwide that handle EU citizens' data.
😀 GDPR is a step toward rebuilding trust between big companies and consumers, especially after scandals like the Cambridge Analytica incident.

Q & A

What is GDPR, and why is it considered a major change in data protection laws?
-GDPR (General Data Protection Regulation) is a new set of data protection laws that gives individuals unprecedented control over their personal information. It is considered a major change because it requires organizations to be more transparent about data collection and usage, and it imposes strict penalties for non-compliance.
How does GDPR impact the way companies store and handle personal data?
-Under GDPR, companies must prove they have a lawful reason for holding personal data and demonstrate that they are keeping it secure. If they want to store your information, they need your explicit consent, and they must be more transparent about how they use your data.
Why are companies sending so many emails about GDPR recently?
-Companies are sending these emails to confirm that you consent to them storing your data, such as your name and email address, in compliance with GDPR. If you don't respond to the emails, the company should delete your information from their systems.
What happens if a company fails to comply with GDPR regulations?
-If a company fails to comply with GDPR, they could face significant fines, with penalties reaching up to 4% of their annual turnover. For large companies, this could result in billions of dollars in fines.
What rights does GDPR give individuals regarding their personal data?
-GDPR gives individuals several rights, including the right to access their personal data, the right to have their data erased (the right to be forgotten), and the right to be informed about data breaches within 72 hours if their information is compromised.
Can individuals delete all their personal data under GDPR?
-Under GDPR, individuals can request that their data be erased in certain circumstances. However, this right does not apply to all data, as certain entities such as hospitals, government agencies, and journalists are exempt from this rule.
How does GDPR apply to companies outside of the European Union?
-GDPR affects companies worldwide if they handle the personal data of EU citizens. Even businesses based outside the EU must comply with GDPR if they store or process data of individuals in the EU.
What is the significance of the Cambridge Analytica scandal in relation to GDPR?
-The Cambridge Analytica scandal, where Facebook data was misused to influence elections, highlighted the need for stricter data protection laws. GDPR aims to prevent such misuse of personal data by enforcing stronger consent requirements and transparency.
What are some criticisms of GDPR?
-Critics of GDPR argue that the regulations are too vague and have loopholes that may allow large companies to continue hoarding personal data. Some also believe that compliance with GDPR may burden businesses with additional costs for new staff and administrative overhead.
How could GDPR influence the future of data privacy globally?
-GDPR could set a global precedent for data privacy regulations, encouraging other countries and regions to adopt similar laws. It represents a shift in how personal data is handled, aiming to rebuild trust between companies and individuals and increase accountability.