The European Union (EU) Parliament adopted and approved the General Data Protection Regulation (GDPR) in April 2016. The transition period took 2 years, and it officially went into force in May 2018. GDPR is all-encompassing; all organizations that are located outside of the European Union, or within the European Union, and offering goods/services to EU data subjects are subject to this regulation. It’s important to point out that GDPR is not restricted to EU member countries. If your organization is doing business with EU data subjects, regardless of where your base of operations is, you fall under the broad umbrella of GDPR directives.
It’s not only sales of goods and services that come under the scope of GDPR directives; it’s also the behavior of companies vis-à-vis EU data subjects. For example, any company based in the EU or outside of it that is involved in monitoring the behavior (data analysis, marketing initiatives, advertising, etc.) of EU data subjects also falls under the purview of EU law. Companies that attempt to skirt this important legislation will be subject to punishing fines amounting to 4% of annual turnover, or a maximum fine of €20 million. The point of this new legislation is to provide clear, concise guidelines for customers that are interacting with company websites.
Explicit Consent is Mandatory – Or Else!
Every customer must give explicit consent to the company that is providing goods or services, or monitoring/behavioral services related to EU data subjects. This personal data involves any and all aspects of a user’s personally identifiable information. This includes IP addresses, shopping patterns, names, birth date, ID, geolocation tracking, technological preferences, and so on. The legislation goes into detail about the differences between data controllers and data processors. The legislation is such that it requires demystifying all the terms and conditions, privacy policies, and consent forms that companies typically require users to simply mark as checked. Now, thanks to GDPR legislation, all information must be clear and concise. Ambiguity must be removed from the terms and conditions, and everything must be presented in an easy-to-read format. For those who believe that this is a directive (a goal for EU countries to aspire towards), think again. GDPR is European Union legislation that is applicable and enforceable across the EU and for all countries that deal with EU data subjects.
Such is the gravity of the new legislation, that businesses which are involved in the monitoring of EU data subjects, public authorities, or large-scale entities that process sensitive personal information must appoint data protection officers to be compliant with GDPR directives. The wheels were put in motion as early as January 2012, when the EC (European Commission) began seeking ways of enacting data protection reforms. The reason the legislation was enacted to begin with is to give people greater control over their privacy online. The ubiquity of information dissemination on the Internet is overwhelming.
Social media sites farm our information for marketing purposes daily. This information also includes our personal financial information such as credit cards, and other sensitive banking-related details. Compliance with the new legislation is a complex procedure. Every company will entrust the security of its servers and information to a data compliance officer. Failure to do so will result in stiff penalties. Liability for failing to secure, store, and manage data effectively could hamstring the operations of companies. GDPR has been in effect since May 25, 2018 across the EU.
Accessing Content from Companies that Are Non-Compliant with GDPR
With a VPN, you can show your IP address as being in the country you need it to be from, in order to access the LA Times, The History Channel, or the Baltimore Sun. Geolocation blocking is used by companies to prevent people outside of an area from accessing the content. However, if your IP address indicates that you are in the geographic area, you will be able to access content that is now banned. Many of the top VPN and proxy servers are located outside of the EU, and you can use them to fast-track your browsing via reliable connections with strong encryption protocols. This is one way to bypass the new restrictive elements of GDPR.
How will GDPR Affect You?
Thanks to this new regulation, customers will be informed whenever their data has been intercepted. All companies, organizations, and public entities that engage with EU data subjects for goods and services, or behavioral research, etc., must notify national authorities once a hack occurs. EU nationals will be able to use the long arm of the law to ensure that abuse of personal data is not possible. Companies will contact customers to verify whether they wish to remain in the company’s servers/database. If customers don’t want to be a part of any of this, they can simply opt out. Consent is required in all circumstances. Another important tenet of the new regulation is that customers have a right to be forgotten. If you don’t want any of your personally identifiable data processed in any way, you can have it deleted.
Since May 25, 2018, EU subjects have received scores of emails from companies asking them to comply with the new privacy rules and procedures. If customers give consent, companies will be allowed to store their data. GDPR will have a strong effect on technology companies such as Facebook, Google, Apple, and the like. Since people will be in control of their privacy a lot more than ever before, big changes are required from the world’s leading tech enterprises. For an individual, GDPR has far-reaching implications. You can decide to withhold your consent from a company, whenever they try to use your personal information for their own reasons.