Rights for citizens, duties for firms under new EU data rules

May 14, 2018
The EU's new data protection regulation will mean changes for companies and users

The EU's new data protection rules are set to bolster European citizens' rights while imposing new responsibilities on companies.

Here is an explainer on the rights and obligations entailed under the General Data Protection Regulation (GDPR), which is set take effect later this month:

Power to the people

These are the main rights guaranteed to European under the GRPD—please note that some are already covered by national legislation in several countries.

1. The right to be informed. Internet users who hand over personal data have the right to know how it will be used, how long it will be kept and whether it might be used outside the European Union.

2. The right to access, correct and erase data. Users will be able to transfer their data to another service provider, or receive it themselves in a usable format.

3. The right to be forgotten. Users can ask that they no longer appear in searches, although this right is also balanced against the public's right to know.

4. The right to challenge algorithms. If algorithms play an important role in decisions, such as admission to universities, those affected should have the right to challenge the decision and request human intervention.

5. The right to contest violations of rights. Each country's information rights agency will accept complaints. If the complaint concerns a in another EU state, it will be transferred to the regulator in that country. Final decisions taken by all the national agencies together are binding across the EU.

New rules for companies

For companies, the regulations is not one-size-fits-all. Their obligations depend on what kind of data they collect, what they do with it and their size. It doesn't matter if they are European firms or not—if they collect data from Europeans then the GDPR applies to them.

For most small and medium-sized businesses the new regulations simply protect the information they have on their clients and suppliers using the "rules of common sense", in the words of France's CNIL.

The GDPR's main objectives is to reduce the amount of data being collected and processed from the start.

This means that firms should evaluate what data they really need, and then how to protect it. The information should then be updated regularly.

Clients and subcontractors should also be informed what data is being collected and what for, as well as how they can exercise their rights.

Companies also need to set out policies on who has access to data and how, designate who is responsible for , and put into place all necessary measures to safeguard the data, particularly sensitive information.

Firms also have the right to appeal to their national data regulator.

Explore further: EU's tough new data protection rules

Related Stories

EU's tough new data protection rules

April 11, 2018

The European Union introduces tough new data protection rules next month to give people more control over the way their personal information is used online, as Facebook is grilled over the Cambridge Analytica scandal.

EU firms lash out at new net privacy rules

March 7, 2018

Dozens of European media, telecom and internet firms criticised Wednesday the EU's new online privacy rules, saying they will effectively hand US tech giants even greater power over user data.

Zuckerberg defends Facebook business model

April 11, 2018

Mark Zuckerberg defended Facebook's business model on Wednesday against fierce criticism of how it feeds user data to advertisers, even as he admitted his own personal information had been leaked to outside companies.

Facebook to launch privacy center ahead of EU regulations

January 31, 2018

Facebook says it will launch a new privacy center to help people understand what it does with their data as the giant social network prepares for sweeping new data protection rules in Europe designed to rein in the growing ...

Recommended for you

A quantum magnet with a topological twist

February 22, 2019

Taking their name from an intricate Japanese basket pattern, kagome magnets are thought to have electronic properties that could be valuable for future quantum devices and applications. Theories predict that some electrons ...

Good dog? Bad dog? Their personalities can change

February 22, 2019

When dog-parents spend extra time scratching their dogs' bellies, take their dogs out for long walks and games of fetch, or even when they feel constant frustration over their dogs' naughty chewing habits, they are gradually ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.