Who has your name?
Who has your phone number?
Who has your location information?
If you are worried about all these questions and more, then knowledge of GDPR is just for you.
‘Privacy’ assumes more significance today than any other time. Social media and its different avatars have become more of a necessity for almost everything in life! In the process of moving from site to site and making purchases or doing various social media activities, a lot of personal data about an individual like name, address, gender, location are lavishly spread around. Social media organizations gather all this personal data and create a virtual persona of the person and share this data with other organizations too. This has released a big list of privacy issues in almost every sphere of our digital life.
The “GDPR” or General Data Protection Regulation” was enacted in 2018 to protect the processing of personal and the movement of data across different organizations in the European Union. The original article itself runs into 88 pages and has several chapters and articles.
The GDPR does affect organizations outside the EU since many are processing data pertaining to citizens of EU.
The most important terms when dealing with GDPR are:
a. Data subject
‘Data subject’ is the individual whose data will be processed. It could be the individual’s name, address, phone number and other personal information which will be collected as part of a business’s objectives.
b. Data controller
‘Data controller’ is a person or organization who is involved in decisions relating to processing of data.
c. Processors
Processors are entities that process data under the direction of the controllers.
Many organizations can be data controllers and processors at the same time.
GDPR places emphasis on several topics and some of them are listed below: All these points place emphasis on the data privacy of the individuals.
- Right to erasure by data subject( the right to be forgotten)
The data subject can demand that their data be erased without delay depending on various conditions(that is, “you” can demand that your data be erased from any organization’s servers without any delay)
2. Right to restrict processing of data
The data subject can demand(from the controller) that their data not be processed any further based on certain conditions(that is, “you” can demand that your data is not processed any further)
3. Data protection by design
Just like many other “by design” principles, “Data protection by design” ensures that only personal data that is absolutely necessary is processed.
4. Data breach notification
In case there is a data breach, the controller must inform the supervisory authority within a maximum time of 72 hours.
5. Data transfer
Data can be transferred to another country only if the controller and processor have provided appropriate safeguards.
6. Consent
Consent to process the data must be given freely, specific, informed and unambiguous by the data subject
7. Processing data
Personal data of any individual cannot be touched without their explicit permission. It cannot be processed, stored or transferred to other advertisers unless it is completely justified.
Fines for violating GDPR regulations are high. The lesser of the fines involves paying 2 million euros or 2% of the firm’s annual revenue from the previous financial year(whichever is higher)
Isn’t the GDPR an amazing piece of privacy regulation? 🙂 Here’s more to privacy and more control over personal data…
This post is for alphabet ‘G’ for #BlogchatterA2Z 2021 by Blogchatter
People who use social media need to understand GDPR since there’s always a chance of our privacy being compromised. Good information!
Yes, Varsha..GDPR protects the privacy of all individuals..
Very useful information Jayanthi. I have marked your posts to refer to later. Thank you.
Hmm.. waiting for such a regulation in India. All the third party data selling in the name of marketing and lead generation is worrisome.
Thank you for such a deatiled information about the most neglected topic
Is there a similar regulation in India?
Not yet…but Indian companies that operate in the EU must abide by this – so which effectively means they may have to work on this for other countries too…