General Data Protection Regulation (GDPR) is the European Union’s requirement on how businesses collect and use customer data. It came into effect on May 25th. European or international businesses that have customers there, must meet GDPR rules. This is great news, as home technology relies on many pieces from diverse providers. We’ve seen GDPR related emails from everyone from businesses like Google to bands such as the Arctic Monkeys. So, what are the rules?
Levels the playing field
The GDPR helps level the playing field. Companies can be ethical with consumer data protection and privacy, without risking unfair competition from others that are blasé or downright unethical with this data. The term personal data is a broad term that covers consumer data such as shopping behaviours and preferences, credit card information and addresses. Some experts estimate that only 25 percent of customer data in databases meets GDPR requirements. These corporations will have to improve transparency and protect consumer rights.
Consumer rights
General Data Protection Regulation gives consumers rights and control over their personal information. It has specific rights: the right to access, to be informed, to rectify, to erasure, to restrict processing, and to object, as well as rights in terms of data portability, automated decision making, and profiling. Basically this enables easy access to personal data and understanding on how its used. Businesses have been madly emailing out their polices to users to show that they meet these GDPR requirements.
There is a growing list of examples of why these type rules are needed (such as the scandal with Facebook and Cambridge Analytics). Canadians have rules for pieces like email list authorization, but we need a broad set of enforceable rules like the GDPR. In the meantime, we’ll happily piggy-back off the European Union’s rules for the international companies that we deal with.