The General Data Protection Regulation (GDPR) is a common framework for the member countries of the European Union concerning the processing and circulation of personal data. It applies to all public and private entities likely to handle information belonging to European citizens such as companies, processors, and associations.
A stronger defense for the Internet user
The main objective of the GDPR, which entered into force on 25 May 2018, is to reinforce the importance of protecting the privacy of Internet users at the heart of businesses, and since its application, improvements have been noted. In fact, at present, GDPR internet users benefit from enhanced protection and better management of their personal data (name, photograph, IP address, the computer connection identifier, etc.). Sensitive data or data relating to information that may cause discrimination or prejudice are also protected by this framework, such as political opinion, religious sensitivity, ethnicity, sexual orientation, etc.
Requesting consent before handling data
The GDPR obliges companies that wish to use the personal data of an Internet user to obtain his or her consent prior to any processing in a clear, explicit, and comprehensible manner so that the person concerned knows how his or her data will be used. Moreover, any processing must be done in compliance with the GDPR, otherwise, it may be subject to heavy sanctions. The GDPR Internet user is at the origin of numerous reminder emails imploring the user’s consent so that the service to which the user has subscribed can continue to send him or her mail.
New rights for internet users
The GDPR sets up recognition for the Internet user of certain rights relating to the protection of their intimate life. These include the “right to data portability” allowing the GDPR Internet user to retrieve all his information and to transfer it from one site to another. It also introduces the “right to oblivion” or the right to make all information disappear in the event of a breach of privacy, as well as the right to be informed in the event of hacking or security breaches related to their data. The content of the GDPR also allows the victim, in case of damage, to take legal action against an offending company, under the “right to compensation for the damage suffered”.