If you’re in the EU you will have been bombarded with messages in the last few weeks, emails from everything you’ve ever subscribed to, forced logged out of apps, and screeds of new terms and conditions to read. It’s all because of GDPR, the European General Data Protection Regulation.
The GDPR is a new law on data privacy in the EU and it relates to companies, individuals and organisations processing personal data for commercial use. It’s meant a lot of work over the last 3 years for anyone working in digital and a lot of lawyers. It grants citizens very specific rights over their personal data, here’s the list of rights from the EU official site:

The responsibility rests with companies to obtain clear consent from you, and you must opt in to receive information from them, the law states that “pre-ticked boxes are not considered to be valid consent under GDPR”. The law also recognises that consent is not always possible, for example an employee cannot consent to be supervised by CCTV for a productivity issue – since there is a power imbalance between the employer and the employee. The penalties for companies are steep, up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher. No wonder companies are working hard to set up good privacy systems.

As an individual, a consumer and an employee I like the principles of the law. I’m glad to see a comprehensive overall of how our data is used, and that the EU is using its power to counteract the power behind US tech giants who haven’t taken as much care of my data as I’d like. But oh boy it’s exhausting to read everyone’s terms and conditions and sort out what I’m going to agree to. And not all companies present it in the easiest way. Here’s the notification on data sharing from FastCompany

Seems OK right?
That’s until you scroll and find out that there are 53 companies other than Fast Company who get access to your data, and they get your data not just from Fast Company but also from other sites which use these companies – that’s code for tracking cookies being set on your computer so they know which site you use. I work in digital and I have heard of about 8 of these. There’s no way anyone has time to look through the conditions of all these sites and evaluate what is being done with the data.

Some companies weren’t able to make their sites GDRP compliant in the two years since the law was passed and I got this message

Me: “You promise??!!”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.