The General Data Protection Regulation has been incorporated into all national privacy laws throughout the EU and EEA. It will apply to all businesses that sell to and store personal information about European citizens, including those located on other continents.
FREMONT, CA: Personal data is defined in the GDPR directive as any information about an individual, such as a name, a photo, an email address, bank information, updates on social networking websites, location information, medical information, or a computer IP address.
There is no distinction between personal data about individuals in their private, public, or professional capacities – the individual remains the individual. Additionally, everything revolves around interacting and exchanging information with and about one another in a business-to-business setting. While customers in the B2B market are undoubtedly businesses, the relationships that handle business matters are between people or individuals.
The 8 fundamental rights of GDPR
Individuals have the following rights under the GDPR:
The right to access: Individuals can request access to their data and inquire about how the company uses their data after it is collected. The company must provide a copy of the personal data upon request, without charge, and in electronic format.
The right to be forgotten: Individuals have the right to have their data deleted if they cease to be customers or if they withdraw their consent for a company to use their data.
The right to data portability: Individuals have the right to data portability, which allows them to move their data from one service provider to another. And it must occur in a format that is widely used and machine-readable.
The right to be informed: This applies to any data collection by businesses, and individuals must be notified before data collection. Consumers must opt-in for data collection, and consent must be express rather than implied.
The right to have the information corrected: This ensures that individuals' data is updated if it is inaccurate, out of date, or incomplete.
The right to restrict processing: Individuals have the right to request that their data not be processed. Their record may be retained but not used.
The right to object: This includes an individual's right to request that their data not be processed for direct marketing purposes. There are no exceptions to this rule, and processing must cease immediately upon receipt of the request. Additionally, individuals must be made aware of this right at the outset of any communication.
The right to the notification: If a data breach compromises an individual's data, the individual has the right to be notified within 72 hours of becoming aware of the breach.
The GDPR is the EU's attempt to give individuals, prospects, customers, contractors, and employees more control over their data and less control to organisations that collect and use it for commercial gain.