What is it all about?
- Companies need to be transparent about how they collect data from users, and their data collection requests must now be explicit
- Users should have the capability to access, manage, or delete their own data
- Companies are also given three days to let users know if there have been data breaches or hacks.
Why did they do this??
Facebook was recently embroiled in the Cambridge Analytica scandal, in which data from up to 87 million Facebook users was collected to create targeted ads. It became a particularly hot topic because it involved influencing voters' decisions during the 2016 US elections. Thus, the EU came up with new rules to protect its citizens from data leaks. Any company that violates the GDPR will incur a hefty fine of up to 4% of global revenue.
What do I need to do??
In addition, it's high time to think of more ways to make your online accounts more secure. Some suggestions are to:
- Remove autofills
- Schedule to change passwords regularly
- Turn on two-step verification, and
- READ website policies before submitting any personal information.
Is that it??
In the Philippines, we also have the Data Privacy Act of 2012. In effect, it also requires companies to comply with the specific data privacy requirements stated in its provisions. It states a lot of [ideal] stuff, but basically it also means that companies need to be very specific about how they collect data, what specific data they collect, and how this data is stored and secured. Though most of these provisions imply added security for consumers, most data is still very prone to leaks and hacks. Some local banks have reported being attacked almost every day.
Nonetheless, be very careful where you store any sensitive information, as technology has made it easier for other parties to get hold of your personal data and use it in many ways. If you can, rethink how securely you store passwords, private photos and important documents on the internet.