GDPR differs from the current laws in these major ways:
Clear consent
Companies must communicate clearly what data they collect, and for what purposes. They may no longer rely only on elaborate legislative texts (Terms & Agreements) that nobody reads.
Hacks and leaks
It becomes mandatory to report hacks and data leaks to both the authorities and customers, within 72 hours.
Right to access
This has always been a right, in my country at least. I may ask what data you collected about me and you will have to answer to that.
Transferable data
I may ask for my data that you collected, and use this in any shape or form in my own systems or however else I like.
Right to be forgotten
All data that is no longer necessary for your core service has to be deleted per the consumer's request.
Privacy by design
This one I don't completely understand myself, but from what I take out of it, all companies that process data have to develop their systems and websites with privacy as top priority.
Data protection officer
Doesn't apply to most of us. All companies with more than 250 employees must have a dedicated person whose only task is privacy and monitoring internet safety.
---
Personally I don't think that these changes are as big as they are being presented. But I'm still in favour of this step. Trust is a big selling point for users, hence beneficial for companies that support it. If I had a cent for every time I heard someone say that they'd dump Facebook if there was an alternative that respects data and privacy (preferably through a paid subscription), I'd probably have €9,53 right now.