You’ve heard about it everywhere: the GDPR came into effect on May 25th.
To hear about it is one thing, to understand it is another.
You have globally understood that this concerns the vast and obscure field of data on the internet and that this could potentially be close to the latest scandal where Facebook was in the middle of (the data of some 87 million users of this social network were found between hands of Cambridge Analytica Data Analysis Company, Ed.). So obviously all this worries you and you wonder what this acronym will concretely change for you.
After four years of debate, the General Data Protection Regulation (GDPR) came into effect on May 25 in all the countries of the European Union and will greatly strengthen your rights (to you, Internet users) on the use of your personal data.
Because yes, you are not necessarily fully aware of it, but when you browse the internet you leave traces.
Let’s take the example of Julia – one of our contemporaries thirty-year-old combining professional life and toddler. On her personal mailbox, she receives promotional offers (so-called a newsletter) from a clothing brand that she likes. She clicks, arrives on the site and starts to navigate between the different pages of the site to take advantage of the proposed offer. She filters the products according to her size and the category of clothing she is looking for. That’s it, she found a pretty floral dress in size 40. However, once her basket filled, she did not expect to pay a delivery fee. Disappointed, she closes the page without having made the purchase.
During her journey, Julia has provided information that are useful to the company: Julia is receptive to newsletters as well as receiving promotional offers for which she has given her prior consent (so the company can continue to send while monitoring the frequency of sending), she is rather interested in dresses, printed and its size is probably 40 (no need to send him an offer if this size is out of stock). The company can also understand that if Julia gave up her cart it was because of the delivery costs. It can send her a new e-mail later telling her that these fees will be offered (to avoid any disappointing customers experience).
Here is the type of information, of data that a brand can collect on your journey.
Other data are also “harvestable”. This is normally quite well known: tweets, posts and Instagram photos that you post regularly can be accessible to the public without proper settings. But Julia does not necessarily want some crazy parties of her youth reappear today. Hence the interest of one of the measures of the GDPR: the right to be forgotten (ie the erasure of some of the data after a certain period of time to protect the privacy – yes, Julia has done much to Party).
Here are seven key points, which should not change your daily life too much, but perhaps shed some light on your digital life and make you feel safer:
To go back into the details, here’s what it gives:
1. Your consent to communicate your information must be explicit
Your consent must now be given to companies with very clear approval. No more pre-checked boxes or tips of some sites to make you accept more easily its conditions. It must be obtained for separate purposes, for example, if a company wants to be able to send you advertising for its products or to do telephone prospecting.
2. Companies have the right to collect only what is strictly necessary
Your gender or age have no reason to be informed. If a media or company wants to send you a newsletter or promotion by SMS, it only needs your email address or your number (which you have agreed to give it). You can obviously give him your address if you want to be delivered, it’s your choice!
3. You can request that all your data be transferred
For example, if you change your phone company, you can request that all your information be transferred from your old operator to the new one (the old operator will have a maximum of one month to complete this task). This is called the “right to data portability”.
4. You can request that your data be deleted at any time
If you request it, your personal information can now be deleted at any time.
5. Fifteen years old: the legal age to register on social networks (without parental authorization)
It is the age of 15 that has been retained for the moment by the French deputies so that each minor can consent to the processing of its personal data online.
6. Possibility of a class action in court
If you feel a violation of the protection of your data, you can take a class action and get compensation for the harm you have suffered. You can from now on mandate consumer associations to file a claim on your behalf with the supervisory authority (for example the CNIL in France).
7. Sanctions for businesses
For companies that do not comply with this regulation, the risk of sanctions is high: up to 20 million euros or 4% of the annual global turnover of the company (the highest amount will be retained) .
Here! From now on, when the acronym GDPR falls in the middle of a discussion, you will be able to share your knowledge. Class, no?
Now what’s important to remember is also that companies are more and more careful not to ask too much and to push your products that interest you. The data still has their interest. They also allow you to benefit from beautiful discounts that are often fun and allow sales or after-sales services can identify you directly to accompany you.