US newspaper websites blocked in EU after missing GDPR deadline

Friday, 25 May, 2018

Confused? Here are five things you need to know about the GDPR, starting with the basics.

Since the dawn of the internet, companies have been gathering as much data as possible on anyone they can.

They've good reason to be anxious.

GDPR spells out six specific ways that companies can justify the "processing", or use, of personal data. The most famous case involved Cambridge Analytica, who were accused of using the data of more than 87 million Facebook users without consent. Paul was up late last night making changes and we think we've got there. And those are just the big scandals.

Many companies have not managed to comply with the rules in time. And for fans of gamification, why not try a GDPR quiz? It's a catch-all justification that companies can fall back on to keep using data, though the company must show that its needs outweigh potential impact on users' privacy, said David Martin, senior legal officer for the European consumer group BEUC.

What is Considered Personal Data?

GDPR does not just affect European Union companies, it affects any company that stores and uses data from those 28 member countries' citizens, even if the business has no physical footprint in the country.

Data relating to your physical appearance and behaviour such as hair color, race, and height.

If a business has a security breach in the United Kingdom resulting in the loss of your data, you have to be told as soon as possible.

What Does the GDPR Do?

While the law is created to protect people in the European Union, its impact will also extend to the some cases. This information can't be buried deep in a terms of service no one reads; it has to be concise and in plain language.

Users who no longer want their personal data processed have the right to be forgotten and have their data deleted. Companies have one month to comply. If you leave your address there then it will auto-fill each time you enter a competition and if you win a prize then that address will be passed on to the third party for them to send the prize to, but not for any other objective.

It gives us significant empowerment over whether, how, and when our data is used.
But what does it mean for our human rights and why should you care? From today, you can insist that all your data is permanently deleted. The organization must then stop processing the data until they can prove they have legitimate reasons to do so.

Most online services previously tended to enable all of their data gathering checkboxes by default, because that's how they could get the most users to "agree" to that collection.

The most visible effect of GDPR so far, for most people, may be the blizzard of emails from companies seeking permission to continue sending marketing messages.

A study released in April by the Ponemon Institute- conducted among 1,000 affected companies- found that almost half would not be, or were unsure whether they would be, ready to comply by Friday's deadline. If found guilty, the companies could end up paying up to $20 million or 4% of their global annual turnover, whichever of the two is the greater sum of money.

The group NOYB.EU - which stands for "none of your business" - claims its action could force the US internet giants to pay up to 7 billion euros ($8.2 billion).

"Does the GDPR Apply to All EU Citizens' Data?" "They're wording changes", said David Baser, head of Facebook's new privacy division, told CNNMoney.

This, however, doesn't mean that the GDPR won't affect you.

The right of access: This means you can access all of the data a company stores on you.

Your positive opt-in is based on the information presented to you at the time, so it shouldn't later be used for anything you didn't sign up to.