In a lot of media, you will find the latest reports about GDPR which, having been adopted in the spring of 2016, comes into force on 25th May. The aim of GDPR is to harmonise the data protection law within the EU and adapt the regulations to new developments. Harmonisation is achieved since GDPR, by its very nature as an “EU General Regulation”, is a law directly applicable within the EU to be implemented by national legislators in national law unlike previous EU directives. Adapting to developments – above all in the area of advertising via Internet services – is required, since the processing of personal data features more and more on company business models. The general rule “If a product doesn’t cost anything, you yourself are the product.” applies more and more. More precisely, the personal data of the user are the product that are consolidated and evaluated via ever more refined processes. “Big data” is the well-known buzzword for this development.
And how does GDPR now change things?
The basic regulations of data protection currently applicable, such as the “policy to ban processing personal data with exceptions”, “transparency”, “appropriation”, “data minimisation” and “integrity and confidentiality”, will not change. However, in some areas regulations will be expanded. These include the “obligation to provide documentation” and “obligation to provide proof” of processing operations carried out by the responsible authorities and the expanded “obligation to provide information” to the owners of the personal data. It also incorporates other rights, such as the “right to be forgotten” and “data portability”. The latter should enable the person to request data from a responsible authority in a machine-readable format in order to forward onto another authority, if required – certainly a challenging task in the field of social media.
What exactly does data protection want to achieve?
These regulations are not about banning personal data processing. Rather, they are about giving people the opportunity to keep track of who is doing what with their own data, where they are doing it and why, and as far as possible, enabling them to determine themselves what happens to their own data.
Guest blog by Andreas Winnes OMNI PC & Schindler Parent Data Protection Officer.
For more information please contact:
antje.koch (at) schindlerparent.de