The GDPR and personal data protection
In 2018, the European Union introduced the General Data Protection Regulation, or GDPR.
Since then, the GDPR has been in force across Europe, stipulating the conditions for the secure collecting, processing, handling and deleting of data, as well as the protection of individuals’ privacy and personal information.
The GDPR mainly outlines data protection rights and compliance areas for countries within the EU and the European Economic Area (EEA). But, the GDPR also covers the protection of data transferred from within these areas to other global locations.
Personal data is defined as any information that can be used to identify a living person.
Organisations, companies and individuals are subject to data protection laws, both in terms of being able to exercise their rights to data protection and in terms of compulsory compliance with these data regulations.
There are also specific regulations outlined in the GDPR relating to the use of personal information by bodies such as the police and the court system.
At Netatmo, we pride ourselves on developing products that effectively protect your personal information. Our Smart Indoor and Outdoor Cameras include integrated microSD cards, so they securely store all footage. Netatmo will never be able to view any of the footage recorded. Of course, you’re also responsible for processing this information securely. Remember, if your cameras also film public spaces, individuals have the right to request access to the footage under data protection law.
Know your personal data protection rights
The GDPR outlines data protection rights, including the right to access the information an organisation or person has about you, to update or amend this information, or to have this information deleted.
Even though you might not always realise it, personal data collection has become part and parcel of daily life in our digital age.
Cookies, for example, are absolutely everywhere on the Internet. While you might welcome cookies with open arms as they optimise and facilitate your Internet browsing experience, they can also collect and process your personal information.
The same goes for online forms: mostly, companies will now ask you to actively tick a box to consent to their processing of your personal information.
However, keep a watchful eye out for pre-selected boxes and small print regarding personal data. That way, you can effectively monitor who’s processing your personal information and why, as well as effectively use your personal data protection rights.
Of course, common sense also applies: you, too, are responsible for the effective protection of your personal data.
Keep your personal usernames, passwords and security codes safe. Make sure you have effective privacy settings on any social media accounts.
Watch out for fraud, too. Never share your personal information online if you’re unsure why you’re being asked to do so.
Always double check with your bank, insurer, or any other organisation that it’s actually them behind that email, text or phone call, before you provide anyone with personal data they could then use illegally.
Third parties will frequently process your personal data to improve their marketing and sales strategies. Not sure why the adverts that pop up for you online are weirdly relevant? That’s why – the sites are processing your browsing habits and other personal data to customise what they show you.
How do personal data protections apply at work?
Personal data protection law, as well as your own personal privacy, is also important in the workplace.
Data protection policy at your company might have changed a lot over the years, especially following the implementation of the GDPR in 2018.
Your company is likely to have a designated Data Protection Officer, or DPO, who is responsible for monitoring the processing and storage of any personal information.
You might also have an appointed Data Controller, or DC, who takes charge of decisions regarding the processing of personal information within the company, and when this data processing is required or not.
In the UK, the GDPR is specifically applied via the Data Protection Act (DPA).
Even if you’re self-employed – as a freelancer, or with your own company – you’re responsible for legally processing any personal information that’s involved in your work.
It might be an idea to add a small print section to your professional email, under the automated signature, that outlines your policy on personal data protection.
That way, any clients of your company – whether it’s small or large – can easily be made aware of your professional use of their personal information, as well as your compliance with the relevant data protection laws.
It’s always reassuring for clients to know that you’ve taken the appropriate steps to ensure their privacy and to adequately protect their personal information.
Individuals will also have the right to request that you share the personal information you have about them, according to the rights of access etc. outlined above.
Usually, you – or your company’s DC or DPO – must respond to a personal data protection compliance request within a period of one month.
However, some personal data protection requests might be more complex and therefore trickier to comply with.
If this is the case for you or your company, you’ll need to notify the individual who issued the data protection request within one month. You – or your company – will then need to make sure you fully comply with the request within a period of three months.
It is usually expected that your or your company will comply with these data requests free of charge, unless very high administrative costs arise. This will need to be determined on a case by case basis.
Under the GDPR, certain personal information is subject to even more stringent protection. This increased protection applies to especially sensitive personal data, such as a person’s religious beliefs, political views, sexual orientation, trade union membership, race and ethnicity.