The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that entered into force on May 25, 2018.
It aims to strengthen and unify data protection for all individuals within the European Union (EU).
This means tackling how companies such as Google and Facebook use and sell the data they collect from their users.
The law marks the largest revision of the privacy rules for personal data since the birth of the internet.
Under the GDPR, companies are required to report data breaches within 72 hours, and to allow customers to export and delete their data.
Part of the extended rights of data subjects set forth by the GDPR is the right to obtain confirmation from the controller as to whether personal data about them is being processed, where, and for what purpose.
Furthermore, the controller must provide a copy of the personal data in electronic format free of charge.
This change is a dramatic shift to data transparency and empowerment of stakeholders.
Under the right to be forgotten, also known as Data Erasure, data subjects have the right to have the controller erase their personal data, stop the further distribution of the data, and possibly have third parties stop processing the data.
The conditions for deletion include that the data is no longer relevant to the original purposes of processing, or that a data subject withdraws their consent.
This right obliges auditors to compare subjects’ rights to ‘the public interest in data availability’ when considering such requests.