What is the General Data Protection Regulation?


The General Data Protection Regulation (GDPR) is an act that gives ordinary people power and control over the personal data that companies hold about them. The GDPR is E.U. legislation, but it massively affects companies and businesses worldwide.

Ever wondered about the emails you get from companies asking for your consent for your information to be part of their system or for you to be on their weekly newsletter? Those emails are not some kind of public relations strategy; they are the result of a massive change in the E.U. (European Union) data protection rules. In 2021, every part of an individual's life can be digitized, logged, and monitored. A picture you take, a movie you watch on your favorite streaming platform, a purchase you make, or even a journey that you document can be tracked. Every day, more and more of your personal information is collected, stored, and traded by companies and governments.

The GDPR covers PII (Personally Identifiable Information), i.e., information that can identify us, which includes:

  • A full name
  • Social Security number
  • Driver's license number
  • Bank account number
  • Passport number
  • Email address

With the GDPR in place, organizations must now prove that they have a lawful reason for holding an individual's data and, even more importantly, prove that they are keeping that data safe. If you are receiving emails from companies, they need to confirm your consent before collecting and storing your information in their system, e.g., your name and email address.

If you signed up for a company's newsletter and gave them permission in the past, that consent could still be valid. In some cases, a company contacting you to ask for your consent could itself be acting illegally: if the company cannot prove it had consent in the first place, it should not be emailing you to confirm your details at all. In most cases, if you do not reply to the company's emails, the company should delete your information from its system.

For companies that fail to comply with the GDPR, the penalties are massive. A recent example is the headline "E.U. regulator hits Amazon with record $887 million fine for data protection violations". The penalty can be as much as 4% of the company's annual turnover. It is a serious piece of legislation that is meant to empower the people who give their information to companies.

Companies have to be very upfront when asking for consent to use a user's data. If a company that stores your data is hacked or breached, it must inform you of the breach within 3 days. A user also has the right to see their own personal data. If you suspect a company of being fraudulent, you can demand that it hand over all the information and data it holds on you, and you have the right to be forgotten from its systems. However, the right to be forgotten is not absolute, and certain conditions may apply.

The GDPR is a way for companies to build trust with their users and customers. The primary goal of the GDPR is to stop data breaches from happening in the first place.
