EU General Data Protection Regulation for uniform data protection
On 25 May 2018, the new EU General Data Protection Regulation (EU GDPR) will enter into force. It replaces the EU Data Protection Directive (Directive 95/46/EC) which has been in force since 1995. With the new basic data protection regulation, data protection within the European Union is to be harmonized and made more transparent for companies and private individuals. The focus here is on giving individuals more control over their personal data. Companies should familiarize themselves with this privacy policy, otherwise they will face high fines for non-compliance.
Focus on the Internet user
With the entry into force of the EU General Data Protection Regulation, Internet users will in future be able to access their data more easily and more quickly. They also learn what data and information is collected about them and what happens to them in the end. The consent to the processing of personal data is increased from 13 to 16 years. Previously, minors were able to sign up for various Internet services such as Facebook, Twitter or Google at the age of 13. In future, this consent will only be given at the age of 16.
EU General Data Protection Regulation also applies to US companies
The new regulation also applies to companies that have their headquarters in the USA but offer their services throughout Europe. US companies can no longer refer to US law and thus avoid possible warnings and infringements. In addition, the previous fines will be increased. These can amount to up to 4% of the company’s worldwide annual turnover or 20 million euros.
Right to oblivion
With the new regulation, users will now be able to delete personal and published data even more easily. Especially if there is no consent for the use and processing of the data. This can be claimed not only against search engine services, but against any body that collects and processes personal data.
What is allowed?
In principle, no personal data may be processed unless the consent of the data subjects has been obtained. You can find out when data may still be processed here:
- Laws, e.g. BDSG, TMG etc.
- if data serves the fulfilment of a contract or legal obligation
- safeguarding the legitimate interests of a responsible person or third party
What is not allowed?
Processing data which is showing political opinion, religious or ideological beliefs, racial and ethnic origin, health data, sexual orientation, genetic data and biometric data (e.g. fingerprint, voice recognition, etc.)
How do companies comply with the GDPR?
But what is to be done now? Website operators and online shops must adapt their existing data protection guidelines. Firstly, it must be transparent, easy to understand, precise, more easily accessible and must indicate the basis on which the data is processed. Companies should turn to a legal advisor, as the above requirements are likely to cause the most problems. On relevant pages such as eugdpr.org you will find further information on the new EU General Data Protection Regulation.