The General Data Protection Regulation (GDPR) is a groundbreaking regulation that increases your control over your personal data and requires companies and organisations to better safeguard their records.
Have you ever unwittingly “agreed” to a murky online form only to receive a barrage of unwanted emails? GDPR requires most companies and organisations to use clearly worded consent forms to gain the right to process your information. That’s why your inbox was crammed with requests to confirm email subscriptions in the run-up to implementation on 25 May 2018.
The right to erasure - also known as the right to be forgotten - means that even after you have given permission, you can still withdraw your consent and request your data be deleted. Another similar provision gives you the right to correct inaccurate or incomplete information that is being held about you. This can make a huge difference in financial institutions like banks or insurance companies where a typo can have serious consequences like costing you a loan.
GDPR requires companies and organisations to better safeguard personal data from cyber criminals by using security tools like encryption. This requirement is good for people and businesses because hacks hurt everybody. The regulation also requires companies to publicly report significant data breaches. In the past many companies have kept hacks quiet for fear of bad publicity.
It's important to know if a company shares or sells your personal data, so GDPR requires users to be notified when their personal data is being shared with a third-party entity. Those third-party entities are also required to abide by GDPR rules.
Open Rights Group fights to protect basic rights like digital privacy, data protection and free speech online. Our work is made possible by over 3,000 members.