The new EU data protection rules

Update for your freedom: The General Data Protection Regulation

EU-wide reform of data protection rules: Strong rights for consumers

The General Data Protection Regulation is the update for EU privacy law. The overhauled rules are valid throughout Europe and provide you as a consumer with some new and some improved rights.

Leaving the Internet Stone Age: An update for the EU’s data protection rules

“Babe” hits movie theatres and Coolio’s “Gangsta’s Paradise” rules the charts for weeks. That was in 1995, when the previous data protection directive went into effect. Roughly 250,000 people in Germany had an internet connection back then; today it’s almost 60 million people. Google didn’t exist, not to mention Facebook and Twitter. Cell phones were used for talking, not for Snapchat and WhatsApp. Since then, communications and trade have become more global, and new technologies have risen and sometimes already fallen again. It’s no wonder then that it was time for a reform after more than 20 years.

Mending the patchwork: A harmonization of the EU’s data protection rules

All cars registered in the EU have to adhere to common standards for exhaust fumes. And if you’re taking a euro trip in a car, crossing borders in the EU, you don’t have to adapt to new traffic regulations in each EU member state. Rather, you can expect similar standards in all countries. From now on, it’ll be the same for data protection rules. This change is crucial because data is often processed across borders: Maybe you like chatting with a friend in the Czech Republic, using a French online store or installing the latest apps from a Danish developer. That’s why there is a common legal basis for data protection in all EU member states now, instead of a patchwork of regulations. Even companies that aren’t located in the EU but offer their goods and services to Europeans are covered by these rules. While member states can adapt some details of the rules, the basic rights you as a consumer have are valid throughout the EU.

Flexing your muscles: A reinforcement for the EU’s data protection rules

For many helpful products and services you use every day, companies need your data. To make sure that such data-processing companies treat your personal data in a fair manner, the General Data Protection Regulation provides you with some new tools: You can find out who processes which of your data, you can correct and delete personal data, and you can complain about unlawful data processing. The principle of “privacy by default” is a requirement now, for example for apps. All of this makes it easier for you to control the processing of your data, so you don’t have to shy away from seemingly stronger global corporations and providers.

What are the rights of the data subjects? Am I even a data subject?

It’s very likely you’re a data subject, because according to the GDPR that just means that your personal data is being processed by companies, organisations or public authorities. And this happens all the time, online and offline — for instance, when using search engines, signing up for a social network, ordering stuff online or using your bank account. Since your data is being gathered, stored and processed in all of these cases, the GDPR includes some new and some improved rights that are meant to ensure fair treatment of your data. These are the rights of the data subjects and they are valid for all consumers and users in the EU.

OK, so I’m a data subject. What do I need to know about the General Data Protection Regulation?

Knowledge is power: Your right of access
Right of access and transparent information from companies

Self-determined and free: Correct and delete data, unsubscribe from advertising
Rights to object, to rectification, to erasure and to restrict processing

David vs. Goliath? You have strong allies against big companies!
Right to file a complaint and right to representation

A rough guesstimate minus your address = Sorry, you’re too poor for us
Data protection regarding profiling and scoring

Privacy reloaded: A dieting plan for data-hungry practices
Privacy by default and privacy by design

Data protection with an edge: Finally, real enforcement of rights and sanctions
Data breaches, fines for privacy violations and right to sue

Your data, your rules: Your consent is becoming more important
Consent, legitimate interest and purpose limitation

Your medical records are confidential: Special protections for sensitive data
Highly sensitive data and data protection for children

Moving your digital belongings: Easily transfer data between providers
Right to data portability