Internet usage and the amount of data you share every time you go online is at an all-time high and will continue to rise. Whether through online shopping, social media or a simple search engine query, you are leaving information about yourself behind. This comes with risks, from your data being sold to the highest bidder without your knowledge and profiling, to online abuse and identity theft.
The General Data Protection Regulation (GDPR), which entered into application on 25 May 2018, makes data protection a reality by ensuring a harmonised approach across the EU, Iceland, Liechtenstein and Norway (EEA).
What changed for you?
Stronger rules on data protection mean people have more control over their personal data. The new data protection rules give you more control over your personal data and improve your security both online and offline.
• Clear indication of consent and higher transparency: When organisations need your consent to process your personal data, they will have to ask you for this and clearly indicate for which purposes your data will be processed.
• Right to receive clear and understandable information: You have the right to know who is processing your data, what data is being processed and why.
• Right to access your data: You have the right to request access to the personal data an organisation has about you, free of charge, and to obtain a copy in an accessible format.
• Right to object: If an organisation is processing your data, you may have the right to object. In some circumstances, such as scientific research, public interest may prevail. You always have the right to object to receiving direct marketing communication.
• Right to correct your data: If you believe the personal data held on you might be incorrect, incomplete or inaccurate, you have the right to request a correction.
• Right to erasure: You have the right to ask to delete your personal data, when you no longer want it to be processed, and when there is no legitimate reason to keep it.
• Right to data portability: When moving from one service provider to another, you have the right to request that your data is returned to you in an easily transmissible format or, if technologically feasible, directly transmitted to your new provider.
Please note, however, that exceptions to these rights may be foreseen in the GDPR or in national laws.
A new level of cooperation between European regulators
The European Data Protection Board (EDPB), a new independent EU body, brings together all supervisory authorities in the EEA, as well as the European Data Protection Supervisor. The EDPB contributes to the consistent application of the GDPR by:
• providing general guidance;
• promoting cooperation and the exchange of information between the EEA SAs;
• ensuring consistency of the enforcement by the EEA SAs;
• advising the European Commission on any issue related to data protection.
Stronger enforcement of your data protection rights
Enforcement lies with the EEA SAs, who saw their enforcement powers significantly increased with the entry into application of the GDPR. They are now able to impose fines up to 10 or 20 million EUR or 2 to 4% of an organisation’s worth, depending on the seriousness of the infringement.
Do you think your data protection rights have been violated?
You can contact the organisation holding your data, contact your national supervisory authority, or go to a national court. Supervisory authorities can conduct investigations and impose sanctions where necessary. You can find the contact details for all EEA supervisory authorities on the EDPB website.
Do you think your data has been lost or stolen?
The GDPR puts in place clear procedures in case of a data breach. If a data breach poses a risk, companies and organisations holding your data have to inform the relevant data protection authority within 72 hours or without undue further delay. If the leak poses a high risk to you, then you must also be informed personally.
