Blue Flower

GDPR provides the following rights to individuals

GDPR provides the following rights to individuals:

  • The right to be informed what data is held about them
  • The right of access to the information
  • The right to rectification of the information
  • The right to erase the information
  • The right to restrict processing of the information
  • The right to data portability
  • The right to object

Companies need to have systems and processes in place to respond to any request from an EU resident within 2 weeks.

Net net under GDPR, EU residents must provide positive consent for the ways their data is used. Any breach of the data protection regulations must be reported to relevant national authorities within 72 hours.

GDPR does not apply if the EU resident is outside of the EU when the data is collected.

 

Who Does GDPR Apply To?

Companies will need to comply with GDPR if they are targeting, harvesting or processing EU residents’ data. They need not be directly involved in collecting the data to be covered, being a secondary aggregator or processor is sufficient to require compliance.

For example,

  • If you are an app developer with a game in Apple’s app stores in China and the EU, even if only a fraction of 1% of your customers are from the EU, you need to be compliant. Will the cost of complying be worth it?
  • If you sell a mobile phone, tablet or PC in Europe, and that device sends data back to you about how it is used to allow you to develop enhanced future models, that will still need to be compliant.
  • If you are an airline bringing travelers to China from the EU, you will need to be compliant.
  • If you operate an online B2C business selling to consumers or businesses in the EU, you will need to be compliant.

 It is fair to assume that initially, regulators will focus on the largest collectors of data – the US online tech giants. But that doesn’t stop individuals themselves seeking to review the data that a Chinese company holds on them. It is almost too easy to expect that journalists will be writing stories on their experiences in seeking to access their data from all sorts of companies. Chinese companies don’t want to end up with a reputation for recalcitrance.