RGPD - Users take back control

The GDPR seeks to clarify and harmonise the methods of processing personal data while placing the individual at the heart of the legal system. The latter's rights are thus strengthened.

How many times have you received an email from an unknown company offering an unknown product that you have absolutely no use for? How many times have you asked a single company to remove you from their database, as you no longer wish to receive their newsletters or promotional offers? How many times have you seen your data used "against" you? In your private and/or professional life? How many times? Thanks to the new European regulation, you will no longer have these problems. At least companies will be severely sanctioned in case of non-compliance.

  • Full control over your personal data

In 2015, more than 75% of internet users were concerned about their privacy in the digital age and 70% felt they had only partial control over their personal data, despite the laws already in place.

Every European citizen will now have the possibility to impose the application of the GDPR and to assert the rights and guarantees that go with it on any company (European or not) that collects his or her personal data, thus limiting intrusions into the private or professional life of the individual.

  • The right to be forgotten

You already knew about the right to modify and withdraw your data, which consists of modifying your personal data or removing them from a company's database.

The GDPR adds the right to be forgotten: " the data subject shall have the right to obtain from the controller the erasure of data relating to him or her as soon as possible and the controller shall have a duty to erase such data as soon as possible" (Article 17). It can be requested on 6 grounds:

  • the data is no longer needed
  • the person concerned withdraws consent
  • he/she objects to the processing of his/her data for canvassing purposes
  • the data have been processed unlawfully
  • the data must be deleted to comply with a legal obligation
  • the data were collected in the context of a service offer to minors

This means that you will be able to ask companies to delete your personal data, stop dissemination and thus prevent third parties from accessing and using it.

  • Profiling

According to recital 71 of the GDPR " any form of automated processing of personal data intended to evaluate personal aspects relating to a natural person, in particular in order to analyse or predict aspects concerning the data subject's work performance, economic situation, health, personal preferences or interests, reliability or conduct, or location and movements, where it produces legal effects concerning the person in question or similarly affects him or her significantly".

The RGPD will also intervene on this point. This is all the more important as most of the personal data about us available on the web does not come from a conscious deposit of data on our part but from a complete traceability of our entire navigation on the web. It was then easy for companies to offer you interesting content and products according to your tastes and interests.

From 25 May 2018 you will be able to ask for your data to be forgotten for commercial purposes, thus preventing Big Brother from watching you and taking back control of your consumption and your privacy.

  • Consent 

If a company or organisation is not in a contractual relationship or under a legal obligation, is not pursuing the public interest or vital interests of an individual, or does not have a legitimate reason for holding personal data on that individual, it is not entitled to process it unless the user has given prior explicit consent. The company will now have to obtain explicit consent from the data subjects to process their personal data for commercial purposes (or marketing, statistical analysis, resale to third parties, etc.) and create a register to prove this to the CNIL and the data subjects.

The right to be forgotten is fundamental for the respect of privacy, especially in the digital age where everything remains hidden somewhere on the net and can have negative repercussions for the user.

In the past, you had to justify your request for the deletion of your personal data by one means or another, but today the emphasis is on the data controller, who must justify the refusal of the request. As an individual, if you notice a breach of the regulations, you can complain to the relevant legal institutions (CNIL).

The General Data Protection Regulation now aims to protect consumers and individuals from abuse by companies and institutions, to give them back control over their personal data while simplifying the regulatory environment for businesses. Good news in the digital age!

Similar articles