We are told that GDPR was created to regulate how businesses use data, ensuring the rules are the same across the entire EU. Although it will apply to smaller businesses as well as large corporations, recent stories, such as the Cambridge Analytica scandal, have demonstrated how big organisations such as Amazon, Google, Twitter and Facebook are not strictly complying with a single set of rules. Aloeride is excited about the GDPR and the strong data privacy and security principles that it emphasizes, many of which we instituted long before the GDPR was enacted. For instance, since 2010 we have complied with American CAN-SPAM regulations, and we would never consider unethical use of your data.
The Data Protection Act 1998, the UK’s interpretation of the EU’s Data Protection Directive 1995, wasn’t drafted with what are euphemistically called contemporary uses of data in mind: uses enabled by the internet and cloud, with people exchanging their personal data for use of ‘free’ services provided by the likes of Google, Twitter and Facebook. GDPR, we are told, aims to rectify this.
The second driver, we are told, is the EU’s desire to give organisations more clarity over the legal environment that dictates how they can behave. By making data protection law identical throughout member states, the EU believes this will collectively save companies €2.3 billion annually. It should make complying less onerous for businesses, with them only required to meet one set of rules, compared to dozens of different implementations of the EU’s Data Protection Directive 1995. EU beliefs brush over the fact that the world’s 500 biggest corporations are on track to spend a total of $7.8 billion to comply with GDPR. The Federation of Small Businesses claims that it will cost small businesses like ours on average £1,030.00 to achieve GDPR compliance.
A Bloomberg article on the topic notes that it will take years for Europe’s justice system to clarify what it all means. Courts are still debating current EU privacy rules, two decades after they were enacted. Wim Nauwelaerts, a lawyer with Sidley Austin in Brussels, says each country has enough discretion under GDPR that there could still be a lot of differences, forcing companies with operations across Europe to comply with multiple, potentially contradictory privacy regimes. “What was the purpose, then,” Nauwelaerts asks, “of having a GDPR in the first place?”
Your expanded individual rights under the GDPR are:
- Right to be forgotten: You may terminate your account at any time, in which case we will permanently delete your account and all data associated with it.
- Right to object: You may opt out of inclusion of your data in our data science projects simply by changing the Privacy Setting on your account.
- Right of portability: We will export your account data to a third party at any time upon your request.