GDPR and Your Information
25th May 2018
Simply put, the General Data Protection Regulation, or GDPR, is a set of rules designed to give residents of the European Union more control over their personal data. It gives users a series of rights over their data, and makes it easier to ensure that companies respect those rights.
Here at RIFT we are fully compliant with the GDPR. Its spirit was already in our DNA, and we worked hard to make sure that we not only comply with the new regulation but continue to provide our users with the highest level of data protection we can.
Here are the basics on the new rules:
Where's all this “personal information” coming from?
Pretty much everything you do involving the internet generates some kind of information. Your phone keeps track of your location, your streaming video services remember what you watch on them, and so on. Every time you sign into an account to “like” a post or buy something, you're leaving a trail. Often, that trail leads straight back to you personally, and it can be used to build up a profile about you.
Is it dangerous to give my information online?
There's actually nothing particularly sinister about collecting personally identifiable information. A lot of sites, apps and services genuinely need it to work properly. Your satnav app needs to know where you are to get you safely where you're going, for instance. Banking apps keep track of your spending habits to keep you safe from fraudsters, while many firms just want to show you more useful adverts. It only becomes a problem when your data gets misused or stolen, and that's what GDPR is looking to tackle.
What is GDPR?
The General Data Protection Regulation system is a major shake-up of the EU's data privacy laws. It basically says that businesses and organisations have to protect your personal data and privacy. It's a single set of rules that will apply all across Europe, and aims to give you more control over your information. The “personal data” GDPR protects essentially means anything that can be used to identify you uniquely. That could be anything from a photo or email address to your bank details, online posts or IP address.
What does GDPR mean for businesses?
If a business has any presence in an EU country, or handles the data of EU citizens, GDPR will probably apply. The regulations mean businesses need to be clear and unambiguous when asking for consent to use people's data. No more long and jargon-rich nonsense paragraphs; just a full and simple request for consent.
On top of that, they’ll be expected to treat privacy and security as main concerns. That means ensuring they can fully protect personal data and act immediately if there's a problem. Customers will have the right to tell businesses if, how and by whom they want to be contacted – and to change their minds about it. They can even tell businesses to forget everything they know about them.
What about Brexit?
With the UK's withdrawal from the EU on the horizon, there are some questions to deal with about GDPR. Businesses will still have to protect the data of EU citizens, so all those rules will still apply. For businesses that only have UK customers, though, things get a little fuzzier. The government says it'll have a scheme of its own in place to cover that situation once we leave, but it's likely to be broadly the same.