As the European Union’s General Data Protection Regulation (GDPR) continues to dominate the headlines, there’s never been a better time to catch up on what it all means.
The GDPR is a set of stringent data protection laws that will come into effect this month (May 2018) in the European Union.
Although the UK voted to leave the EU back in 2016, the details are still being sorted out. “Brexit” is a gradual process, and Britain is still technically part of the EU. Even if it were not, the UK has promised to adhere to an equally powerful and protective set of regulations.
The UK Department of Digital, Culture, Media and Sport (the “DCMS”) issued a Statement of Intent outlining its data protection bill, which is intended to protect UK citizens’ data. By all accounts, it is very similar to the GDPR.
Here’s a cheat sheet of critical points for understanding the GDPR:
The GDPR applies to organisations within and outside the EU that offer goods and services or monitor the behaviour of anyone in the EU. In other words, it could apply to any company in the world, as long as it is handling the data of EU citizens.
The GDPR expands the definition of personal data to include new kinds of data that may arise in the future. It is all-encompassing, unlike previous legislation.
Organisations must use simple language when asking individuals for their consent to collect personal data. They must also be clear about how they will use the personal data.
If there’s a breach at an organisation and data is compromised, that organisation must give notification within 72 hours.
Organisations must not hold data for longer than is necessary. They must also delete personal data when an individual makes such a request.
The key takeaway here is that EU regulators have stated that the GDPR rules will apply in countries that lie outside EU territory. That means any company collecting data on an EU citizen – no matter where in the world that citizen happens to be living – must adhere to the GDPR.
Since the GDPR applies to UK residents for the time being and since the DCMS bill offers protection on the same level, we can expect these rules to apply to British expats here in the United States, both now and in the foreseeable future, if the DCMS bill passes Parliament.
We will remain attentive to the matter, but in the meantime, we pledge to respect and protect our customers’ privacy. We handle all data collected with the strictest privacy protections in place.