How Will the EU GDPR and Data Reform Strengthen Individuals’ Rights?

Why do individuals need data protection?

In the 21 years since the current European data protection rules were adopted, new ways of communicating, such as via online social networks and through mobile technology, have changed the way people share personal information. In addition, the rise of cloud technology means that more data is stored in remote computer server farms, rather than on personal desktops. More than 250 million people now use the internet every day in Europe.

In today’s quickly evolving technology environment, individuals must be able to retain effective control over their personal data. This is a fundamental right for everyone and it must be safeguarded.

What is the Data Protection Reform about?

The new General Data Protection Regulation (GDPR) will ensure that individuals receive clear and understandable information when their personal data is processed. Whenever an individual’s consent is required, under the new regulation, consent will need to be given by means of a clear, affirmative action before a company can process any personal data. The new rules will also strengthen individuals’ right to be forgotten, which means that if individuals no longer want to have their personal data processed, a business needs to delete it (unless very specific exceptions apply).

Attitudes towards data protection

Research from the Eurobarometer, published by the European Commission, indicates that individual views regarding privacy are slowly changing, and these are expected to further improve with the GDPR’s implementation:

• Around 7 out of 10 people are concerned about their information being used for a different purpose from the one it was collected for.
• Nearly 1/2 of all European internet users are worried about becoming a victim of fraud through the misuse of their personal information.
• Almost all Europeans say they would want to be informed, should their data be lost or stolen.
• 71% of Europeans feel that there is no alternative other than to disclose personal information if they want to obtain products or services.
• Only a little more than 1/3 of Europeans are aware of a national public authority responsible for protecting their personal data rights.
• Only 15% feel they have complete control over the information they provide online.
• One in three people (31%) believe they have no control over the data they provide online.

The GDPR will guarantee free and easy access to individuals’ personal data, making it easier for them to see what personal information is held about them by companies and public authorities, and making it easier for individuals to transfer their personal data between service providers — known as “data portability.”

The new regulation requires businesses to notify both individuals and the relevant data protection authority without undue delay, where feasible within 72 hours, if data is accidentally or unlawfully destroyed, lost, altered, accessed by or disclosed to unauthorized persons, and where there is a risk to individuals’ rights.

“Data protection by design” and “Data protection by default’” are also important principles in the EU GDPR. This requires businesses to build data protection safeguards into products and services from the earliest stage of development, emphasizing that privacy-friendly default settings should be the norm. This will be important, for example, for social media, going forward.

Overall, the new EU rules — which also affect multinational businesses that have an EU presence — will strengthen individuals’ rights in a practical way. The EU Commission as well as the national data protection supervisory authorities are raising awareness of these rights for individuals and how they can be used by businesses in the most effective way.

How will data protection rules help individuals?

Better data protection rules mean that individuals can be more confident about how their personal data is treated, particularly online. These new rules will help increase trust in online services, so that individuals are able to use new technologies with greater confidence, and can fully reap the benefits of the internal market. Clear and effective rules regarding the free movement of data will also enable businesses to grow within an environment that is protective towards individual data, boosting the demand for innovative services and products.

What are the key changes that are coming?

The EU GDPR’s “right to be forgotten” will help individuals manage data protection risks online. When individuals no longer wish for their data to be processed, and there are no legitimate grounds for retaining it, the data must be deleted.

The new rules are about empowering individuals, rather than simply erasing past events by:

• Making it easier for individuals to access their own personal data
• Giving individuals a right to transfer their personal data from one service provider to another
• Requiring businesses to ask individual for consent by means of a clear affirmative action
• Requiring businesses to provide more transparency to individuals regarding how their data is handled, with easy-to-understand information, particularly for minors
• Requiring businesses and organizations to inform individuals about data breaches that could adversely affect them without undue delay. Businesses will also have to notify the relevant data protection supervisory authority about data breaches.
• Providing a better means of enforcement of data protection rights through improved administrative and judicial remedies in cases of violations
• Providing an increased responsibility and accountability for those processing personal data

The new regulations provide greater protection for individuals by requiring greater transparency, empowerment, and accountability from businesses, while also providing clear mechanisms for enforcement. Giving individuals the ability to retain effective control over their personal data helps improve their relationships with businesses that offer products and services, and it also serves the greater good.

Dattaca Labs is a living lab that is leading the personal data economy from Iceland. The business works with public institutions, local and multinational companies, and entrepreneurs to develop innovative solutions and services across a wide range of sectors, including health tech, fin tech, telecommunications, and IoT.