What is GDPR and will it affect you?
The inbox-clogging legislation comes into effect on Friday
If you’ve got an email address, chances are you will have heard about Europe’s new General Data Protection Regulation.
Indeed, it’s hard not to view the rules, or GDPR, as “a law created to fill your inbox with identikit warnings from every company you have ever interacted with online”, says The Guardian.
As well as annoying email users the UK, however, the new legislation is “set to force sweeping changes in everything from technology to advertising, and medicine to banking”, the newspaper reports.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
So who will be affected, and how?
What is GDPR?
GDPR “will bring outdated personal data laws across the EU up to speed with an increasingly digital era”, says Wired.
From Friday 25 May, the new regulation will “alter how businesses and public sector organisations can handle the information of their customers”, the magazine explains. GDPR replaces the 1995 Data Protection Directive and boosts the rights of individuals, giving them more control over their personal data.
What does it mean for consumers?
EU residents now have the right to request access to review personal information gathered by companies. Individuals - or “data subjects”, in GDPR jargon - can ask to have their data deleted, or revised if it is incorrect, and can also have their information sent to them in a portable form.
“If individuals begin to take advantage of GDPR in large numbers, by withholding consent for certain uses of data, requesting access to their personal information from data brokers, or deleting their information from sites altogether, it could have a seismic effect on the data industry,” says The Guardian.
What does it mean for companies?
A lot of paperwork. Business groups say companies will have to spend £1.2m each, on average, to meet the complex new requirements.
“Many do not currently track their data processing in a way that complies with the new rules,” reports The Sun. And if they have sought consent from customers to collect data, the records are often out of date, or the consents do not meet the GDPR standards.
“Very few companies are going to be 100% compliant on 25 May,” says lawyer Jason Straight, the chief privacy officer at London-based business advisory company UnitedLex, told The Verge. “Companies, especially US companies, are definitely scrambling here in the last month to get themselves ready.”
However, Paul Jordan, the Europe managing director of the International Association of Privacy Professionals (IAPP), offered words of comfort, saying: “I think it’s quite clear that a number of companies won’t be ready [for GDPR], but if they can demonstrate they have been planning appropriately [then regulators will give them] a certain leeway.”
Are all those emails necessary?
Maybe not, according to Toni Vitale, the head of regulation, data and information at law firm Winckworth Sherwood. Vitale told The Guardian that “if the business had consent to communicate with you before GDPR, that consent probably carries over”.
And if the business really does lack the necessary consent to communicate with you, it probably lacks the consent even to email to ask you for that consent, Vitale adds.
“In many cases, the sender will be breaching another set of regulations, the Privacy and Electronic Communications Regulations, which makes it an offence to email someone to ask them for consent to send them marketing by email,” he said.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
The Pentagon faces an uncertain future with Trump
Talking Point The president-elect has nominated conservative commentator Pete Hegseth to lead the Defense Department
By Justin Klawans, The Week US Published
-
This is what you should know about State Department travel advisories and warnings
In Depth Stay safe on your international adventures
By Catherine Garcia, The Week US Published
-
'All Tyson-Paul promised was spectacle and, in the end, that's all we got'
Instant Opinion Opinion, comment and editorials of the day
By Justin Klawans, The Week US Published
-
Data breaches increased in 2023 and with them, internet security concerns
The Explainer One report found a 78% year-to-year increase in breaches from 2022 to 2023
By Justin Klawans, The Week US Published
-
EU regulators fine Meta a record-breaking $1.3B for data privacy violations
Speed Read
By Theara Coleman Published
-
AI job fears: how can we regulate the ‘rise of the robots’?
Today's Big Question Concern grows that ‘AI jobs bloodbath’ is underway as BT announces plan to shed 55,000 staff
By Chas Newkey-Burden Published
-
ChatGPT taken offline in Italy over privacy concerns
Speed Read
By Justin Klawans Published
-
EU plans to force Apple to use the same charger as other smartphones
Speed Read
By Brendan Morrow Published
-
European Commission says Apple broke antitrust laws
Speed Read
By Brigid Kennedy Published
-
Whistle-blower claims Apple ‘ignoring and violating’ users’ rights
Speed Read Former contractor says tech giant has failed to act on his disclosures about ‘intimate’ Siri recordings
By The Week Staff Last updated
-
How ‘landmark’ right to be forgotten case will change Google search results
In Depth Search giant wins four-year legal battle against tougher privacy laws
By The Week Staff Last updated