The GDPR is in fact a spin-off of the Charter of Fundamental Rights of the European Union (Article 8 on Protection of personal data, from the 26th of October 2012), which states that:
- You have the right to the protection of your personal information.
- Any of your data must be processed fairly, for specific purposes, and only with your own consent or on some other legitimate basis laid down by law. You are also entitled to access and/or rectify any data which concerns you.
- Compliance with these rules shall be subject to control.
Do you publish your name, age, phone number, race, sex or any other data on a poster for the world to know? Why not? Because you appreciate controlling which details you reveal, to whom and why. This is literally what the General Data Protection Regulation is, by law.
What is personal data?
‘Personal data’ means ANY PERSONAL INFORMATION which identifies you, directly or indirectly, such as the obvious name, postal and email address, telephone and mobile number as well as any genetic, physical, physiological, economic or cultural data which can pinpoint you as a person.
In reality it can be even more subjective: a description such as “someone who eats sand for breakfast” is personal (a.k.a. private) data too, if it allows others to identify you as that specific individual!
General Data Protection Regulation: Why do we need it to protect us?
30 years ago, I would give my details to someone, the task/service was done and that was it! Nowadays, those details can be given to the door-to-door person in the afternoon and, by the next morning, they could be anywhere else in the world!
The head office might use them to work out some statistics on its local branches… but meanwhile, without anyone noticing, they could also be used for annoying purposes (the product-of-the-day newsletter for that brand, which I impulsively agreed verbally to receive) or even criminal ones, with impersonation fraud as the objective.
Although there has been guidance from the on the matter, each country was free to rule locally, so you could be comfortable with the policy outlined in your own realm, but there were no guarantees once your information had passed its borders. From the 25th of May 2018, what you expect in one country that is part of the EC applies to all the others.
P.S. Do you already know what the real implications of the new RGPD are?
Check my next article to uncover the impact for both data owners and data controllers.