The GDPR is all set to become a law soon. With its wide-ranging norms and privacy being the focal point, the regulation gives individuals a lot more power over their personal data.
It caters to complex questions like what personal data is collected, how it is being used, what happens when they want to remove consent, etc., hence empowering individuals with more data privacy. The new law will apply to all businesses not just based in the EU, but also those dealing with EU citizens.
Let us look at 10 key features of GDPR that will impact individuals and businesses:
1. Specific permission
Unless or until you give permission to an app or website to use your details in a specific way, they can’t use it for any other purpose or sell it to third parties.
2. Privacy by design
According to this feature when you sign up for a service, you should not be asked for data that is not directly needed or relevant for the purposes of using that app or service.
3. Data portability
Here you get the right to ask for any data that a company has about you in a readable format so that you can reuse it.
4. Right to be forgotten
By giving someone your data does not mean they have the right to keep it forever, Under the GDPR you have a right to be forgotten and will be able to ask companies or platforms to delete your data.
However the two exceptions are: a) It will not apply to information that there is a legal requirement to keep, such as medical records and; b) it is also a personal right to forget, distinct from the third party Right to be Forgotten, where individuals can request that outdated or undesirable information about them be removed from search engines.
5. Definitive consent
There has to be a clear and affirmative consent before private data is processed. When the legislation was announced, the Parliament had clearly said that “silence, pre-ticked boxes or inactivity will thus not constitute consent. In future, it should also be as easy for a person to withdraw consent as to give it.”
6. Information in clear readable language
It is the right of the individuals to get and read the information clearly. So, the new rules will put an end to “small print” privacy policies and that information should be given in clear and plain language before any data is collected.
7. Limits on the use of profiling
Often we see personal data is automatically used to access and analyse personal choices, predict a person’s performance at work, economic situation, health, location, behaviour, creditworthiness, etc. Under GDPR, profiling will be allowed with the consent of the person concerned, where permitted by law or when needed to pursue a contract and requires human intervention.
8. Everyone follows the same law
Now the regulation will ensure that everyone abides by the same rules. Savings from dealing with one pan-European law rather than 28 are estimated at €2.3 billion per year.
9. One-stop solution
Hugely be beneficial for businesses as they will have to deal with only one regulatory body rather than 28, making it simpler and cheaper for companies to do business in the EU.
10. Adopting techniques
The new rules promote techniques such as anonymization (removing personally identifiable information where it is not needed), pseudonymization (replacing personally identifiable material with artificial identifiers), and encryption (encoding messages so only those authorised can read it) to protect personal data.
Hence the new data protection rules not just give individuals a clear, effective information about how their data is being used, they also give businesses the opportunity to innovate and win back trust from consumers.