GDPR (General Data Protection Regulation) is one of Europe’s core safeguards to protect EU citizens by giving them more control over personal data. It is the world’s most comprehensive digital privacy legislation, a set of rules designed to be followed by businesses to ensure that information is processed securely, fairly and without detriment to citizens and internet users.
Why is personal data so important?
Whenever we send information across the internet, much of it is not just sent but also stored in various ways that are necessary for the transfer. This can include any piece of critical information that could be used to identify you or to perform malicious activity in your name. When that data is not well protected, not properly stored, or not collected with your permission, it can cause problems (such as identity theft) for you and those around you.
The debate around data privacy has heated up after revelations that companies have been using – and selling – personal data for profit, without the permission of individuals. Companies often tell users that the information is being collected so they can provide better communication, or for a better user experience, and this has been proven to be false in multiple revelations all around the world. The data is often collected illegally, used against the customer’s will for marketing purposes, and sometimes even sold like a commodity.
How does the GDPR protect citizens in the EU?
The following is a summary of some of the rights granted by the GDPR to individuals in the EU:
Right to access – individuals can request access to their personal data and ask how it is being used after it has been gathered. The company must be able to provide a copy of this personal data at no charge if requested to do so.
Right to Erasure – individuals have a right to request that their data be deleted if they are terminating their services with a company, although this does not apply universally.
Right to Data Portability – companies must not conduct “vendor lock-in” by withholding personal data, which essentially gives individuals the right to switch providers for a service (such as their Internet Service Provider).
Right to be informed – individuals must always be informed when their data is being collected, and permission gathered for its use for specific purposes. This is why most email newsletters now require a specific “opt-in” option when signing up, as companies are not allowed to automatically sign you up for their marketing and targeting.
Right to restrict processing – individuals can request that their data is only recorded but not processed in any way (or used).
Right to object – individuals can stop the processing of their data for marketing purposes – any processing must stop as soon as the request is received.
Right to be notified – if there is any data breach that compromises an individual’s personal data, the individual has a right to be informed within 72 hours after the company is first aware of the breach.
In addition, GDPR also includes enforcement actions such as heavy fines for businesses who are not compliant; they take the GDPR very seriously:
- British Airways are facing fines of £183 million ($228 million) for a data breach disclosed by the company in September.
- Marriott International Hotels will need to pay €110.3 million after a hack dating back to 2014 was discovered in late 2018.
- Google, the first victim of GDPR fines, was fined €50 million for not making consumer data processing statements readily accessible to users and employing obscure language in agreements, as well as not seeking consent from consumers for use of their data for ad-targeting (illegal under the GDPR)
- Even majority state-owned companies like Austrian Post are under the purview of GDPR; they were fined €18.5 million for illegally selling consumer data.
How does it affect people outside of the EU?
The GDPR doesn’t just apply within the EU itself; even companies and organisations around the world holding data belonging to individuals in the EU must comply with it if they are to do business with customers there. As long as they have an establishment in the EU, offer goods and services, or monitor behaviour of individuals in the EU in any way, they are required to conduct themselves to the same level of compliance.
How does Oobit stay in compliance with the GDPR and ensure the highest standards for data protection?
For instance, Oobit KYC, our flagship KYC solution, uses cutting edge technology and localized encryption + storage to safeguard your personal data – at no point do we store the information without your consent.
We also have an appointed Data Protection Officer as per GDPR requirements, who will hold our company to the highest standards for data protection. He will monitor our compliance with GDPR and other data protection laws, raise awareness of data protection issues, train staff, conduct internal audits and cooperate with supervisory authorities on the company’s behalf.
You can rest assured that Oobit will always keep the customer’s best interests in mind in data privacy. Read more about us and how we’re tackling data privacy issues in the cryptocurrency space at Oobit.com