General Data Protection Regulation – The General Data Protection Regulation (GDPR) was approved by the EU Parliament in April 2016 and, effective from 25 May 2018, applies to any company in the world that stores or processes data of persons living in the European Union. Companies that do not comply will face hefty fines of up to 20 million euros or up to 4% of annual global turnover, whichever is higher. The purpose of this legislation is to protect data privacy for EU citizens and to establish consistent data privacy laws across Europe. If the company complies with the Data Protection Act (DPA), which precedes the current GDPR, it is likely already compliant with the regulation.
Many companies collect our data to keep track of their own business. Telephone companies, retail stores and websites in particular hold our data, down to our TR ID number. GDPR is the regulation on the protection of this data within the European Union.
What is personal data according to GDPR?
- Information such as your name, address, telephone number, social security number.
- Information about your physical appearance, such as hair, eye and skin color.
- Information about education and work history. Your schools, your salary, educational background, tax information and identity information.
- Sensitive data such as your search history, private messages or location information.
What Rights Does GDPR Provide?
- Right to be informed: If a company collects your data, it must clearly state what data is collected, for what purpose it will be used, when and under what conditions it will be stored, and with which third parties, if any, the information will be shared. If this information is being collected, the necessary conditions should be on a visible page and in plain language that users can understand.
- Right of access: If a person wants to see what personal data a company or organization collects about them, this data must be sent to them. It should be submitted within a month.
- Right to rectification: If a person declares that the data held by the company is invalid, they can request that the company correct it. Companies and organizations must implement this request within one month.
- Right to deletion: An individual may request the deletion of data held by the company under certain conditions. For example, if you want your data not to be used anymore or if you think it is no longer needed, you can request the deletion of your data.
- Right to restrict processing: If the organization cannot delete the data of the person concerned, it can limit the right to use the personal data.
- Right to data portability: Users may move their personal data from one service to another service.
- Objective grounds: Whatever the data is used for, that use should be stated. If it is being collected for legal reasons or for the benefit of society, then the legal reasons must be stated.
- The right not to be subject to automated decision making: Under GDPR, safeguards are put in place so that individuals can raise an objection to, or request disclosure about, automated decisions that affect them and their data.
If a company processes personal data relating to an individual living in the European Union (the individual does not have to be an EU citizen), the law will apply regardless of where the business is based.
All companies involved in digital advertising – advertisers, agencies, ad networks, data/technology companies or publishers – are within the scope of the law.
In addition, GDPR provides special protection for children’s personal information. If a company wishes to collect and process the information of a child under the age of 16, it will have to obtain the express consent of the child’s parents or guardians.
What Will Companies Do to Comply with GDPR?
Information control
The company has to control the personal data collected and stored, where it comes from and with whom it is shared. One of the requirements of GDPR is to record processing activities and have effective policies and procedures in place.
Updating privacy statements
Most likely, the company will need to update its statement of how it uses the personal data it collects in order to comply with GDPR. In addition, the privacy statement must explain the legal basis for the processing of personal data.
Child data
GDPR outlines specific protections for child data. Therefore, it is necessary to check that systems correctly verify age before processing the data and that the consent of the parents or guardians is obtained.
With the GDPR, personal data has been redefined. Now, even the smallest piece of data that belongs directly to someone is referred to as personally identifiable information (PII). However, it seems that those dealing with data collection and Big Data applications will have great difficulty in these matters.