What has changed?
Today, 51 % percent of the world’s population has internet access. No less than 2.46 billion people have created their own social media profiles – on Facebook, Twitter, Instagram, Linkedin, Snapchat, and the like. The amount of personal information shared on a daily basis is astronomical – and the internet doesn’t forget. From May 2018, GDPR (General Data Protection Regulation) will finally bring the rules on how organizations handle information into the 21st century of search engines, social media, mobile marketing, and biometrics.
This isn’t merely a tick box exercise. Instead, it’s a chance for companies to strengthen their customer relationships and rethink their attitudes to data. At the heart of the regulation is a requirement for organizations to practice ‘privacy by design.’ In other words, data protection principles should be embedded into the everyday culture of the business rather than seen as an afterthought.
General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) aims to harmonize data protection legislation across EU member states, enhancing the privacy rights of individuals. It applies to organizations processing Personal Data which have an establishment within the EU, and also those organizations which operate outside the EU but offer goods or services to, or monitor the behavior of, individuals in the EU. GDPR is applicable from 25th May 2018.
Your rights in relation to GDPR
Overall, GDPR provides the following rights for individuals (many of which apply whatever the basis of processing, although there are some exceptions):
1. The right to be informed how personal data is processed
2. The right of access to their personal data
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling
At Ocean.io, we work with data and, naturally, our focus has been, and continues to be, to ensure that we process data according to the lawful grounds set out in GDPR. European companies can’t avoid GDPR, but they can – like we have – make it work for them and their customers. The challenges introduced by GDPR are significant, but we believe the size of the opportunity matches them.