The privacy of personal data has always been important, and it is becoming more so as personal data is put to ever wider use.
The main reason data privacy is important is that it limits the power organisations have: an organisation that controls large amounts of personally identifiable data holds a great deal of control and power over a person's life. Limiting this gives users trust and freedom in their political and social activities. If data is used unethically, it can have catastrophic consequences, such as the manipulation of election campaigns or the targeting of vulnerable groups for corporate greed. Protecting a user's data protects their reputation and, ultimately, their freedom.
With the rising concern over privacy and exchange of personal data, the GDPR aims to protect individuals' rights to privacy and enhance data protection.
The General Data Protection Regulation is a regulation on data protection and privacy in the European Union, including the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA. The GDPR was implemented on 25 May 2018.
The GDPR has 7 key principles that it stands by:
- Lawfulness, fairness and transparency - Obtain the data on a lawful basis, leave the individual fully informed and keep your word.
- Purpose limitation - Be specific.
- Data minimisation - Collect the minimum data you need.
- Accuracy - Store accurate up-to-date data.
- Storage limitation - Retain the data for a necessary limited period and then erase.
- Integrity and confidentiality - Keep it secure.
- Accountability - Record and prove compliance. Ensure policies
The GDPR applies to a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed. It is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Every company that does business in Europe needs to know everything about it.
- Requiring the consent of subjects for data processing.
- Anonymising collected data to protect privacy.
- Providing data breach notifications.
- Safely handling the transfer of data across borders.
The GDPR does apply outside of Europe. The whole point of the GDPR is to protect data belonging to EU citizens and residents. The law therefore applies to organisations that handle such data whether they are EU-based or not, which is known as its “extra-territorial effect.” If your New Zealand company deals with EU citizens in any way, you may be subject to the GDPR, so you should act as if you are, so that you are in compliance.