By Michael Hall, Chief Information Security Officer
The General Data Protection Regulation (GDPR) is the EU’s new mandatory privacy regulation, which officially went into effect on May 25th. The purpose of these new regulations is to protect the personal electronic data of EU citizens and make sure they are aware of their rights. Companies that do not comply with GDPR cannot continue to do business in the EU or with EU citizens. As a result, every website and email newsletter you’ve ever signed up for or signed into is making sure you know they are up to par.
What if You Don’t Live in the EU?
Whether or not you live in the EU, you’re still getting these emails (as you know). There are three possible reasons for this:
Citizenship is Unknown
There are all kinds of reasons a person may receive these notices even if they are not a citizen of the EU. For one, most companies request contact and mailing info, but rarely citizenship info. You may be a French citizen living in Ohio. Or you may have dual citizenship. There are many reasons why companies are not going to take the chance when sending a regulation-required update.
Many companies, like DriveSavers, prefer to have best practices in place for all of their customers, rather than just those that require it. If the new regulations that are required for EU citizens are an upgrade from what is required by the U.S. government (which they are), a business that truly has the interests of its customers in mind will apply those changes across the board, and therefore send updates to all customers.
Other Countries May Follow Suit
It’s generally agreed that the new GDPR regulations are an upgrade. Therefore, it’s only a matter of time before security-minded countries like the United States follow suit with their own regulations that meet or exceed those of the EU. Smart businesses are preparing for that by applying GDPR rules to all of their clientele.
What is GDPR Changing About Privacy Policies?
One purpose of the GDPR is to simplify privacy policies and terms of service so that customers can easily understand what they’re agreeing to before they click to consent. Hence, the big overhaul by every company you’ve ever signed up with, even if you haven’t opened their emails in ten years.
What Does the GDPR Say About Use of Your Data?
Per the GDPR, EU citizens have certain rights and may make a request to exercise them. Under certain circumstances, EU citizens have the right to:
- Request access to personal data
- Request correction of personal data
- Request erasure of personal data
- Object to some processing of personal data
- Request restriction of processing of personal data
- Request the transfer of personal data to themselves (the owner) or to a third party
- Withdraw consent
- Object to being subject to automated decision-making
- Lodge a complaint
These rights are big steps forward for personal privacy. For example, you can now download all of your photos and other entries from your Instagram account to keep on your own computer or share with another company. You couldn’t do that previously. That change is a result of GDPR.
What Changes Has DriveSavers Had to Make?
There are no changes in the way that DriveSavers stores, uses or shares your data, as our existing policies and procedures already complied with the new regulations, regardless of whether you are a citizen of the EU, the U.S. or any other nation in the world. Wherever you call home, the security and privacy of your personal data are fundamental both to our business model and our code of ethics.