GDPR - What does it mean?

The GDPR entails:

• Portable copy of data
• Erasure of data
• Transparency and modalities
• Information and access
• Rectification and erasure
• Right to object against automated decisions

So, which two privacy laws are new?

Let’s start with the first new privacy law, the portable copy of data. This new law gives the right to transfer personal data. This means that people have the right to receive personal data an organisation has from them, for example for personal storage purposes. Think about requesting GPS information in a travel app or requesting the search history in an app or website, requesting a contact list in a social app, or information about different purchases ever made on a website.

This law is also mandatory for all companies who have to transfer personal data to other organisations. Think about customers who want to sign out from a social network and want to sign-in in another social network. Or data regarding condition, movement, calorie-intake on an app or website that wants to connect or link this to a different organisation. Your organisation is responsible for transferring this data to another organisation and keep in mind that this is mandatory following the new privacy laws.

What about the law of erasure of data?

The law for erasure entails that organisations are obliged to erase personal data when a customer asks for this to happen. This law is similar to an already existing law, namely the law for correction and removal. However, the law for erasure of data is no longer limited to the removal of incorrect data, incomplete data or irrelevant data. Despite this new law being more relevant, it is not always legitimate. Only in the following situations:

• When an organisation does no longer need personal data
• When a customer revokes his permission
• When a customer objects against process of personal data
• When there are no legal grounds for process
• When an organisation is legally obliged to erase data after a set period of time
• When a customer is younger than 16 years old and the data is collected through an app or website

What does this mean for your organisation?

Starting May 25th, 2018, customers can request to receive all personal data online, send to other organisations or remove all saved personal data. The execution of these processes should be easy, digitally and clear for your customers! Keep in mind that your data is processed from a certain structure and you have to respond to their requests within one month. Your organisation can prepare for these new laws by having an app developed with which customers can download their data or make a connection between your website or application and that of another organisation.

What are you going to do?

We can hear your brains turning, what a load of information…now what? In what way is this important for me? And what should I change or how can I best implement these changes? This while we have not even told you everything yet. Besides these two laws, the implementation of the GDPR also means that there are new laws for the development and collection of personal data and this will thus affect your current website, applications, and marketing. In our blog, we delve deeper into the steps that you can take to get ready for the implementation of the new privacy law!