In recent weeks and days you have surely seen the term GDPR everywhere and received dozens of emails from the various online services you use, informing you that they have begun to comply with the new regulations. In News on the Sidelines, too, we have talked several times about matters related to this law. Yesterday, May 25, 2018, the law officially came into force. So what will we actually notice now that it applies?

After the GDPR comes into effect, what changes will we find?


What is the GDPR?

GDPR is a European Union privacy law that obliges companies to do several things to protect the data of European Union users. The law also imposes huge fines of 20 million euros or 4% of the company's income in the previous year (whichever is greater) on violators. Any company present in Europe or providing services within Europe must adhere to it. Work on the law reportedly began in 2012 and it was approved in 2016, and only yesterday did it become binding on companies.


Does this mean that companies will stop spying on us?

The law does not mean that companies must stop collecting user data, and it does not interfere with the way companies operate. Rather, it regulates privacy: the company has to make it clear to the customer which data it collects about them, what it uses that data for, and that it has the right to share the data with other parties. In short, the law puts the decision in the hands of the user, who decides and agrees in advance and knows exactly what the companies are gathering about them.


Didn't the laws previously provide the same thing and oblige companies to disclose?

The theoretical answer is yes, but the actual answer is no. Under the old regulations, companies were already telling the user that they collect some "needed" data, use it to improve their services, and may share it with some parties. Just like that, without a precise explanation of what the data is, or how and when it is collected: "we may collect some data, we may use it, and we may share it." The new GDPR requires companies to clarify what they collect, when, and what they do with your data. The old laws were not restrictive, so for years the European Union failed to condemn Google for misusing user data, or even to force it to say what it does with the data.


How do I know what is being collected about me?

Any service must offer you a clear way to find out what data is collected about you. The law requires companies to simplify the bulky user agreement so that it is easy to read. In the past, companies would deliberately write a huge and complex agreement that was impossible to read, so we pressed "agree" without thinking. The law considers this a ploy by companies to obtain the customer's consent without the customer reading anything. Companies also add whatever they like to this agreement. Suffice it to mention that Apple includes a clause saying that terrorists have no right to use the iTunes program to manufacture bombs of mass destruction (see our old article).


What about previously collected data?

The law requires companies to add a mechanism that enables users to view or download all the data registered about them with the company. In other words, you have the right to know everything that Apple, Google, Facebook and Twitter, for example, have kept about you from the day these companies started operating until now. You have the right to download this data and review it at any time you want, as this is your data.


What if I find something in the recorded data that I do not want the company to keep?

The law states that your data is yours, not the property of companies, meaning that you have the right to ask any company to delete any data about you that you do not want it to keep. For example, if you downloaded your data from a social networking site and were surprised to find that they had kept some old pictures that you had deleted, you have the right to ask them to delete them, and the company must comply.


Will companies adhere to the law or will there be deception and fraud?

Of course, the companies have officially stated that they will abide by the law, but this does not mean that companies are angels who will comply without argument. There are bodies that will investigate the companies' compliance, and if a violation is detected, there is a deterrent fine that reaches 4% of the company's income. Imagine that Apple last year achieved 225 billion dollars in income. This means that Apple's fine, for example, will be 9 billion dollars. Paying the fine does not entitle the company to continue the offense. That is, the company pays the fine, then abides by the law and removes the violation, and if it does not do so, it will be fined again.


What about us, citizens of the Middle East?

The law is binding on the countries of the European Union and on those who live in them or provide services to their citizens; that is, it is not binding on those outside it. But the good thing is that the world is a small village: the company you deal with often serves citizens in Europe as well and is therefore obligated to follow this law. Of course, companies have the right to say that they will abide by the law for European users and violate it for others, but this would be an admission by the company that it is illegally stealing data, and would destroy its credibility.


Will we hear about companies being fined soon?

This is not expected, simply because the law is new, and because in Europe, or in general, the fines are intended as a warning and not as a trap to collect money. Therefore, with the issuance of the law and the start of its implementation, the concerned agencies will begin to review companies' regulations and ensure their compliance with it. They will find some who applied the law properly and completely, and others who applied it but lacked some things; the latter will be given advice and a warning to amend several points in order to comply with the law. This applies to everyone, because even the big companies may not know precisely that they are breaking the law. For example, Microsoft states on its website: "Since the GDPR has yet to be enacted, it is difficult to know which organization, cloud, or otherwise will be compliant when it is launched. However, in order to find the tools your organization needs to enhance its compliance you will need to find companies that have already pledged compliance." In other words, Microsoft itself says that it is not clear who follows the law and who does not, and has advised small companies to follow the steps of companies that have declared their commitment.

But the foregoing does not mean that a company will be exempt from the fine if an investigation finds an explicit violation of a clause that the company said it applied but in fact did not. The review and warning described above may apply to those found to have applied the law by 95%, for example, where the problem is incomplete implementation.


How do I download my data from different companies?

This is a very complex question. Each company has its own style, a different data storage method, and even a different download method. However, if you go to the company's privacy section, or search for the company name with "GDPR" next to it, you should find links to help you. A few days ago, we published an article explaining Apple's method and what data it collects. See this link for more.


Does the law only apply to data and its collection from companies?

The law contains many details, such as requiring companies to disclose a security breach within a maximum of 72 hours of its occurrence. Previously, companies waited months and possibly years before announcing that their databases had been compromised. Famous examples of companies that waited for long periods are Yahoo and LinkedIn and, in the Arab world, "Careem", a competitor to Uber. But under the law, the company must inform the user that their data may have been breached within a maximum of 72 hours of the occurrence.

What do you think of the GDPR? Do you expect companies to adhere to it or to try to get around it? Do you have any questions about it?
