What Is the GDPR, and Why Does It Matter?


Safety and privacy have been among people's main concerns for as long as there have been people. Never, however, has the concern been as pressing as it is now. Why? Because things have changed in recent years: the Internet has given us tremendous access to everything, and, more worryingly, online tracking tools have become ubiquitous.

With all these web tracking tools and software, how can you make sure that you are safe?

Some of you might know that the EU's data protection law became applicable on May 25, 2018 (it was adopted in April 2016 and entered into force the following month, with a two-year transition period). The General Data Protection Regulation, known as the GDPR and formally Regulation (EU) 2016/679, is the most significant piece of data protection legislation introduced in the European Union (EU). The GDPR replaced the 1995 Data Protection Directive (Directive 95/46/EC). The full text of the regulation is published on EUR-Lex.

What Does the GDPR Regulate?

The GDPR affects how businesses collect and process data. It governs how the personal data of individuals in the European Union is collected, stored, transferred, and used. Under the GDPR, "personal data" broadly covers any information relating to an identified or identifiable natural person, known as the "data subject." The regulation gives data subjects more control over their data by regulating how organisations process it.

The GDPR imposes far heavier fines for breaches of its provisions than the directive it replaced, and it places greater weight on individuals' privacy rights. Some of its provisions are general in nature, while others are still being debated and interpreted in detail by regulators and courts.

What Is Personal Data Exactly?

Under the GDPR (Article 4(1)), personal data is any information relating to an identified or identifiable natural person. A person is identifiable if they can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, or an online identifier, or to factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity. Online identifiers include IP addresses and cookie identifiers (Recital 30), which is why web tracking tools fall squarely within the regulation's scope. Note that a similar but separate definition exists in Hong Kong's Personal Data (Privacy) Ordinance (the PDPO), which defines personal data as information relating directly or indirectly to a living individual from which that individual's identity can be ascertained, and which is in a form that can be accessed or processed. Organisations that perform online monitoring on their websites and thereby collect personal data from website users in Hong Kong must follow the PDPO's six Data Protection Principles (DPPs); those principles are published by Hong Kong's Privacy Commissioner for Personal Data.

What Rights Do the Data Subjects Have Under the GDPR?

The GDPR provides data subjects with eight fundamental rights, in addition to some supplementary rights. They are as follows:

1. Right to Be Informed

This right requires organisations to be transparent about how they use personal data and to inform data subjects about it, typically through a privacy notice at the point of collection (Articles 13 and 14).

2. Right of Access

Data subjects have the right to know whether personal data about them is being processed, to obtain a copy of that data, and to learn how and why it is processed (Article 15).

3. Right of Rectification

Data subjects have the right to have inaccurate personal data corrected and incomplete personal data completed (Article 16).

4. Right to Erasure

Also known as 'the right to be forgotten,' this gives data subjects the right to have their personal data erased on request in certain circumstances, for example when the data is no longer necessary for the purpose it was collected for, when they withdraw the consent the processing relied on, or when the data was processed unlawfully (Article 17). The right is not absolute: an organisation may refuse where it has a legal obligation to keep the data or needs it to establish or defend legal claims.

5. Right to Restrict Processing

Data subjects have the right to request that processing of their personal data be restricted in certain circumstances, for example while the accuracy of the data is being contested or while an objection to processing is being considered (Article 18).

6. Right to Data Portability

Data subjects have the right to receive the personal data they provided to an organisation in a structured, commonly used, machine-readable format, and to have it transmitted to another organisation where technically feasible, so that they can reuse it for their own purposes (Article 20).

7. Right to Object

In some instances, data subjects have the right to object to the processing of their personal data (Article 21). This includes processing for direct marketing (where the objection must always be honoured), for scientific or historical research or statistical purposes, and processing carried out in the public interest or on the basis of the organisation's legitimate interests.

8. The Data Subject Right Not to Be Subject to a Decision Based Solely on Automated Processing

Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or similarly significantly affects them (Article 22).

What Are Some Changes the GDPR Brought into Effect?

The GDPR brought some critical changes into effect. Below, you can find some of the important ones:

1. Expanded Rights for Individuals

The GDPR offers expanded rights for individuals in the EU. People can ask to be forgotten, and they have the right to demand a copy of any personal data stored about them.

2. Compliance Obligations

The GDPR requires organisations to adopt suitable policies and security measures appropriate to the risk of the processing (Article 32). Organisations must also conduct data protection impact assessments (DPIAs) for high-risk processing and keep records of their processing activities. Entering into written contracts with processors, including vendors that handle personal data on the organisation's behalf, is another requirement of the GDPR (Article 28).

3. Data Breach Notification and Security

The GDPR requires organisations to report personal data breaches to the relevant data protection authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals (Article 33). Where the breach is likely to result in a high risk to individuals, they must also notify the affected data subjects directly (Article 34).

4. Increased Enforcement

For the most serious infringements, organisations can be fined up to €20 million or 4% of their total worldwide annual turnover for the preceding financial year, whichever is higher; a lower tier of up to €10 million or 2% applies to other infringements (Article 83). Additionally, the GDPR's one-stop-shop mechanism assigns a lead supervisory authority to organisations operating in multiple EU member states for cross-border data protection issues.

What about Companies Outside of the EU?

Well, they should be aware of the GDPR. Its provisions apply to any organisation established in the EU, and also to organisations with no physical presence in the EU when they process the personal data of people in the EU in connection with offering them goods or services (whether or not payment is required) or with monitoring their behaviour within the EU (Article 3). Web tracking of EU visitors is a textbook example of such monitoring.

Cyrus