European Privacy. What the GDPR is and why it matters.

The recent case of Apple vs FBI has brought about some interesting questions.

  • How much privacy should people be allowed?
  • Is privacy a divine right for every person?
  • Should companies be building backdoors for certain organisations to have hidden access to information?

All interesting talking points to be sure, but on our side of the atlantic the European Parliament has recently passed a new data protection ruling that allows stricter personal control over our own information. But with acronyms such as GDPR, DPD and DPO flying around it is easy to get lost in the jargon and miss exactly what this means for people like me and you.

In generalities the European Parliament has increased the level of privacy and protection allowed to European members and nationals. Meaning that any company, whether they're based and operate in Europe or not face hugely increased sanctions if found guilty of information trading or breaches of privacy. Sanctions that can cause fines of up to £20m or 4% of their worldwide turnover (whichever is more) if found guilty .

Now what is classed as personal or private information? Here are a few things that are now further protected by the General Data Protection Regulation (GDPR):

  • Your full name
  • E-mail addresses (Personal and Work)
  • Bank Details
  • IP Addresses
  • Anything posted on Social Networks
  • Medical Information
  • Photographs

If any of these things are sold, used or given to any company without the subjects knowledge and consent that company is then liable for fines and will be breaking European law.
One caveat to that is the niggling 'terms and conditions' small print we tend to ignore every time we sign up to a new account or download some new software.

Oftentimes, social media accounts and other organisations will write in a sample line such as: "By agreeing to these terms and conditions you are allowing 'company x' permission to use your photos etc" or "anything posted on here will become the property of 'company x'" so as always, just beware of posting anything on the internet that is particularly private to you.

Now here at Maven we certainly believe this is a good sized step in the right direction for individual privacy but there have also been subtle changes written into the GDPR such as changes to the 'right to be forgotten' ruling.

This has been morphed into the 'right to erasure' which now requires individuals to argue a case to have their personal data permanently deleted from an organisations database and erased from the web. This is different from the original rule inasmuch as the EU Parliament can now decline the individuals request if it deems the organisations interests are more pertinent compared to the previous ruling that required organisations to 'forget' an individual at their request.

And finally, seeing terms like 'European Parliament' might make you wonder about what effect the upcoming BREXIT referendum will have on this recently enforced regulation?

The answer is simple:
Nothing.

Whether we leave the European Union or stay in, the UK will still be subject to European Law meaning that all of the above will continue to apply to the whole of the UK.