The EU General Data Protection Regulation, or GDPR as you’ve likely heard it called, is Regulation 2016/679 of the European Parliament and of the Council, which replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe.
This regulation tightens Europe’s already strict laws on what companies can do with your data and gives you more control over your data. It was passed as a regulation on 27th April 2016 and was effective from 25th May 2018.
There was a need for GDPR because the old law, the Data Protection Directive 95/46/EC, was written before smartphones became prominent. Smartphones collect lots of personal information that is in turn used for advertising products you might be interested in. GDPR explains what personal information is, and that definition extends to your IP address.
GDPR became quite popular due to the high penalties introduced for violations, which could be as much as 4% of the annual global turnover or €20 million, whichever is greater.
So, what is personal information, I hear you ask? It is described as any data that can be used to identify you as an individual and your location; the regulation also extends to your device IP address. There are also guidelines on what companies can and can’t do with your personal information, and there is clarity on what your data is being used for.
This regulation means that there will be fewer preselected checkboxes, and you as a user will always have to directly opt in to all the services that may be collecting your data.
GDPR has a huge impact on companies outside the EU, including in South Africa. This is because if you are processing or collecting data for individuals from the EU, you need to be compliant or face the fine.
When do companies need to collect data?
GDPR states that processing of information will be legal if any of the criteria below have been met.
- The data subject has given consent to the processing of his or her own data for one or more specific purposes.
- Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
- Processing is needed for compliance with a legal obligation with which the controller needs to comply.
- Processing is necessary in order to protect the important interests of the data subject or of another natural person.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Processing is necessary for the purposes of the justified interests pursued by the controller or by a third party, except when those are overridden by the interests of the data subject.
Right to be Forgotten?
GDPR gives individuals the full right to request deletion of their personal information. The user can request that data be erased under different circumstances.
More and more people are using ad blockers and the number continues to grow, with the number deployed globally surging towards 300 million, costing publishers £22 billion a year.
There’s enough evidence that blocking ads and going incognito in the browser are clear indicators that people do not want to be stalked by targeted adverts.
Simon Carroll wrote in one of his blog posts: “The ad tech industry currently represents a model that is broken and leaking toxic waste into the rest of the data economy with damaging consequences for what otherwise promises to be an exciting future”. I couldn’t agree with this more.
It is important that organisations build a relationship with their customers based on trust, of which honesty, transparency and permission are solid foundations. That looks like a real opportunity.
If those consumers owned and held their own data, as opposed to just exercising control over it, that data would become far deeper and richer for being brought together: an entire picture of the individual that epitomises a true reflection of me. When businesses can ask permission to use that data, the opportunity becomes limitless.