Social media companies, online advertisers, insurance companies and banks have been running wild with your personal data, deciding who you are and what you can do online.

The General Data Protection Regulation (GDPR) gives you far more control of your digital self than ever before. To learn about your new digital rights, take the online quiz that WON’T steal your personal data.

Can you trust companies to protect your personal information?
X That is risky!
CORRECT Their record isn’t great
Corporate databases containing the personal data of millions of people have been hacked many times. Remember the massive Equifax breach in 2017? Or the giant Uber hack in 2016?
GDPR requires companies to better safeguard your data from cyber criminals with security tools like encryption.
If a company loses your personal information, do they have to report it?
CORRECT Sadly, what you don’t know can hurt you.
X Sadly, what you don’t know can hurt you.
Companies have kept data breaches quiet for months or years for fear of bad publicity. It’s critical to be informed if your financial data, passport number, or other sensitive personal information has been stolen.
GDPR makes companies report to authorities when personal information is compromised, within 72 hours. However in most cases customers won't be notified directly unless the breach poses significant privacy dangers.
Can you force Facebook to delete data about you?
CORRECT You can now, thanks to GDPR.
X In the past it was a struggle. But times have changed.
It may seem impossible to loosen a company’s grip on your personal data. Social media platforms like Facebook hate deleting your data because they profit from it.
The new right to erasure means you can withdraw your consent and request your personal data be deleted.
Do you receive tonnes of unwanted emails?
Fear not, under GDPR there is reason for hope.
Lucky you.
For years companies, political parties, NGOs and even charities have used tricky language (and tricky tick boxes) to gain your so-called consent to be contacted.
GDPR requires the use of clearly-worded statements and methods to gain the right to process your personal data, such as affirmative opt-ins for email subscriptions.
Should companies be allowed to share your personal data without telling you?
X Your data can be used against you.
CORRECT Your data belongs to you, not them.
When personal data is shared secretly, you never know how it might be used. Cambridge Analytica accessed the personal data of 87 million Facebook users without their knowledge and used it for political purposes.
GDPR requires companies to inform users if they share their personal data.
Can you be turned down for a loan because of a clerical mistake?
CORRECT Typos can wreak havoc on your life.
X Simple errors can actually have serious consequences.
If a bank or insurance company makes an error in processing your personal data, it can cost you a new job or keep you from getting a housing loan.
GDPR gives you the right to have your personal information corrected. If a company shared inaccurate data about you with third party entities, they must also be informed of the correction.

Your results

You scored /6

Thanks for taking the time to learn about your new data protection rights. If you'd like to know more about GDPR click here.

Great job, it looks like you have a strong understanding of your new digital rights. If you'd like to learn more about GDPR click here.

Open Rights Group fights to protect basic rights like digital privacy, data protection and free speech online.

Our work is made possible by over 3,000 members.

Learn more about our work here or become a member today.