So how does the GDPR affect citizens of the EU and the users of companies that adopt the GDPR in general? Here are some highlights.
- Companies that collect any personal information from you must clearly disclose:
  - what data is being collected and how
  - why it is being processed
  - how long it is being retained
  - whether it is being shared with any third parties
- You have the right to request a portable version of the data collected and stored about you in a common format that would be easy for you to read; in other words, they can’t send it to you in a file format that you would need to purchase expensive software to read
- You have the right to have your data erased in certain circumstances
- Any breach of data must be reported within 72 hours
- And any business that primarily processes personal data must appoint a Data Protection Officer (DPO) who is responsible for managing all this
Keep in mind that these regulations only legally apply to those individuals within the EU and companies who do business within the EU. However, since so many companies do business around the world and collect personal information to do so, there is a high likelihood that you will have many more ways to control how your data is stored and shared.
Be sure not to simply ignore all those updates to those privacy policies. It is worth taking a little time to review them. In many cases they should be much easier to read and clearer now because of the new GDPR regulations that take effect tomorrow in the EU.