The General Data Protection Regulation (GDPR), is the latest regulation with the governing data privacy initiatives by the EU and other governments. It gives its citizens greater control over how their personal data (email addresses, social media posts, names, photos, bank details, medical details, cookies, IP addresses etc) is collected and used and prevents its misuse.
Organizations or digital channels that collect personal data and other user information, in the form of cookies or IP addresses, of EU citizens fall within the purview of GDPR.
How does this regulation impact individuals who use digital channels such as online shopping, social media platforms or simple browsing in their day to day lives?
GDPR gives individuals the following key rights: –
(a) Right to Access: Consumers have the right to know what companies are doing with their data, how is it processed and for what purpose. Individuals can request, from the company, a full disclosure of how their data is being used and the tools involved in accessing this information.
(b) Right to be Forgotten: This gives the user the right to request that their data be completely erased (with the exception of order data) from primary and third-party systems. Requesting information should be as simple and as straightforward as giving the consent in the first place!
(c) Right to Data Portability: Individuals have the right to request information in a format which is easily readable (word etc) and can share this information with another vendor.
Facebook, for example, holds copious amounts of data about individuals and through the introduction of additional/ extended features could connect all the data for analysis and use. It’s vital that we as individuals understand the importance of our data and prevent its misuse, a classic example of which is the Cambridge Analytica case. This scandal bought to light how personal information of million’s of users was improperly shared for political gain through, for example, a personality quiz! It is important for individuals to take responsibility and protect their data from potential misuse.
A good way to start protecting your personal data when visiting websites is to restrict cookies that use data for analytics, advertising and functional services such as chat tools and surveys.
For example, when you visit a website you should see something like the following:
By clicking ‘’Personalize’ you can get further information on what you are actually giving consent for:
Organizations are now required to request an individual’s specific consent for the collection and use of their data and are obliged to erasure (deletion) of that data once the activity is completed. They are obliged to inform individuals of what personal data they hold about them, at any time requested, and the individual also has the right to withdraw consent, in whole or part, at any given time.
To summarise, data is key – companies realize the value of data, do you?
Authored by: Chetana Dwivedi