GDPR Is One Of The Most Significant Data Overhauls In History

It Might Be Clogging Up Your Inbox, But GDPR Is One Of The Most Significant Data Laws In History

You’ve probably heard a lot about it (or at least ignored it) in your inbox, but today’s the day! What day, you ask? Christmas? No! It’s GDPR day, of course.

The GDPR (full and wonderful title ‘General Data Protection Regulation’) came into force on May 25, 2018 and is one of the most significant overhauls of data protection rules in history. But what does it mean for our human rights and why should you care?

Back Up, What Is GDPR?

First up, what actually is the GDPR? Well, it governs when our personal data can be lawfully collected, stored and used by others. Personal data means “any information relating to an identified or identifiable natural person.” This includes your name, location data, IP address, photograph, job title, or political opinion.

Whilst it may not have the snappiest title, the GDPR matters. The recent Cambridge Analytica scandal brought into sharp focus how things can go wrong when our data is misused. So it’s important that our right to privacy under the Human Rights Convention and the more specific fundamental right to protection of our personal data (under the EU Charter of Fundamental Rights) can be upheld in practice.

This is where the GDPR comes in. It will protect these rights more fully by expanding on the old EU law on data protection and ensuring regulation is harmonised across the EU. It gives us significant empowerment over whether, how and when our data is used.

We’ll Have More Control Over Our Data

Under the GDPR, if organisations want to rely on our consent as their basis for processing our data, it must be “freely given, specific, informed, and unambiguous”, in the form of a statement or affirmative action.

This means consent cannot be implied from silence or a failure to opt out (by, for example, unticking a box). We should, therefore, get greater control and awareness over how our data is being used.

This complements other rights protected under the GDPR, including the right to access, rectify, erase and object to the processing of our data, as well as the right not to be subject to automated decision making (including profiling). 

Our Data Will Be More Secure

The GDPR introduces increased security requirements. It means those processing data must adopt “technical and organisational measures” for security purposes, such as pseudonymization and encryption. The new rules also require that data should only be used for the purpose for which it was collected – this means that companies cannot hang onto our data “just in case” they need it later.

And when the security of our data is breached, such as in the case of a ransomware attack, the relevant data protection authority (in the UK that’s the Information Commissioner’s Office) must be notified straight away. Where the breach is likely to result in a “high risk” to fundamental rights, the individuals affected must also be informed.

This will increase transparency around security breaches, and stop businesses from keeping such incidents secret or being slow to disclose them.

It’s Easier To Enforce Our Rights

The GDPR significantly increases sanctions for non-compliance. Breaches of some provisions of the new rules can result in fines of up to €20 million or 4 percent of a business’ total worldwide turnover for the previous year.

It will also be easier for individuals like you and me to bring claims for breaches, including under a provision that allows individuals to authorise not-for-profits to take cases on their behalf. This means we could see class actions being brought to enforce our rights under the GDPR.

The increase in penalties, coupled with greater access to justice, should incentivise greater respect for data protection rights across Europe.

What’s more, the effects of the GDPR do not stop at Europe’s borders. For the first time, EU data protection law will apply to companies with no business establishment in the EU when they either monitor the behaviour of EU residents or offer goods or services to them. This means organisations based outside the EU (such as overseas social media platforms or website hosting providers offering their services to EU citizens) will face greater accountability.

The full implications of the GDPR are yet to become clear. But there is no doubting its potential for enhancing our right to privacy and our fundamental right to protection of our personal data. Here’s hoping it delivers on that potential.

About the Author

Nani Jansen Reventlow

Guest Author
Nani is the Director of the Digital Freedom Fund. She is a recognised international lawyer and expert in human rights litigation responsible for groundbreaking freedom of expression cases across several national and international jurisdictions. Nani is also an Associate Tenant at Doughty Street Chambers and an Affiliate at the Berkman Klein Center for Internet & Society at Harvard University. Nani is based in Berlin.

Jonathan McCully

Guest Author
Jonathan is the Legal Adviser to the Digital Freedom Fund. He previously held a senior legal role at an international non-governmental organisation, working on strategic litigation before international, regional and domestic courts. Jonathan is also Editor of Columbia University’s Global Freedom of Expression Case Law Database, and has published widely on freedom of expression, privacy, open justice, human rights and intellectual property. He is based in London.