You have probably been flooded with emails from so many services you subscribe to (and forgot you subscribe to) about GDPR. What is it?
We are charging headlong into an age of privacy awareness, and in the wake of the Facebook/Cambridge Analytica scandal and other privacy breaches, GDPR seems to be coming along at the right time.
Even though it was dreamed up a couple of years ago by the European Economic Union, it seems as though, through perfect timing, we have had a response from the authorities to address the privacy concerns of the wider European public.
GDPR stands for General Data Protection Regulation and is a law that mostly spells out the expectations the EU has of businesses and individuals that hold personal data on others. It also sets out the penalties for failing to comply, which is what made so many businesses sit up and take notice. So let's start there.
Failing to do the right thing in regards to information on EU residents (both in the EU and overseas) will attract fines of up to 20 million euros or 4% of annual global turnover (whichever is greater). In the case of a business like Amazon, you would be looking at US$7 billion!
GDPR is all about putting the rights back in the hands of the people who supply the data, the users. This means that if a service has a copy of your details as an EU citizen, you would have the right to…
- Request a copy of all the data a service has on you.
- Expect to be opted out by default and asked for consent to collect data.
- Withdraw consent at any time.
- Have data held by a service erased at your request.
- Have erroneous data corrected at your request.
- Expect that your data will not be shared with a third party without your consent.
- and so much more.
In all, a good swing of power back to the individual, with a great big stick to whack the offenders with should they step out of line.
A side effect is that the web pages served in the EU that are compliant have been found to be much faster, because the new laws mean that advertisers can no longer track page views or clicks without the express consent of each user. This is because advertisers are third parties and do not automatically get included in the GDPR compliance awarded to the website.
In fact the difference has been staggering. A page that was originally 5.2MB slims down to a GDPR compliant 500KB! That is 10% of the original size! That means the page is loaded and ready to view in a tenth of the time it usually took!
At the moment, GDPR compliant pages are only being served to EU locations, even though the legislation covers all EU citizens anywhere in the world. So here's hoping that trying to track down EU citizens overseas will be too hard and we can expect to see GDPR ready pages worldwide.