
Happy GDPR Day!

Congratulations!

If you’ve been receiving warning or anticipatory mails about the GDPR coming into force, well, congrats because you lived to see that day and it’s today.

If you’re like, ‘Okay, calm. What is GDHR or GDPH or what now?’, well congratulations as well, you’re in the right place to lessen your cluelessness.

So, on the 14th day of April 2016, a day which was an anniversary of the day the Soviet Union agreed to withdraw from Afghanistan (1988); when the heaviest hailstones ever recorded visited Bangladesh with a bang (1986); when President Abraham Lincoln was shot (1865); when the Titanic hit an iceberg in the North Atlantic (1912)… on this very day in 2016, the GDPR was approved by the European Parliament.

The GDPR is short for General Data Protection Regulation, but its long title sounds like this: Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive).

Let’s start with the phrase ‘…repealing Directive 95/46/EC (Data Protection Directive)’. I’d like you to imagine a Kingdom in which a technology-backward monarch is reigning. He should continue his reign, but his lack of knowledge about this new technology-driven way of life is slowing the progress of his Kingdom. The kingmakers have two options. They can decide to enlighten him on what technology is and how it affects his kingdom, but then that’s just so much stress. Or they may just decide to unseat him and put in a more tech-savvy individual to take their Kingdom to glory. And that’s what that phrase has done. It has repealed a formerly existing EU Directive (which had been implemented since 1998) and now says that once the GDPR is enforced, it will be the new monarch in charge. You can check out the old monarch here.

Now, what does this new king, the GDPR, have to offer us?

First, we know that although monarchs are super powerful and ought to be respected, their power, no matter how great it is, only exists over the people whom they rule. So an important question would be to find out who the GDPR applies to. I mean, it was adopted and approved by the Council and European Parliament, so why is it now a ‘world thing’?

The answer is simple: The GDPR is focused on protecting the data of EU residents – that’s its focus. But now, technology has made it so that EU residents can have their data in the hands of non-EU residents. So whether or not you stay in any of the member states of the EU, as long as you process the data of one or more EU residents, you should pay close attention to what the GDPR says. 

Now, I cannot possibly write on everything in the GDPR. It’s actually an entire package of data protection regulations, so you can imagine its length and the variety of subjects it covers. I’ll however discuss some salient/interesting points I came across.

  • Did you know that in the EU, the right to protection of a person’s data is a fundamental right? Like a basic human right? Like the right to life and freedom of expression? And I think this makes sense because if you can guarantee privacy as a fundamental right, it follows that personal data protection should also be explicitly captured.
  • Also, the GDPR both protects personal data AND ensures the free flow of data within the EU. THAT, brother and sister, is the idea of TechReg. Controlling and yet advancing. In its recital/justification, the GDPR states that: 

    “The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally. Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the Union and the transfer to third countries and international organisations, while ensuring a high level of the protection of personal data.”

  • Also, the GDPR only applies to the data of natural persons (human beings); not legal persons (like companies). Although if you’re a company collecting the data of a human being, you’re captured to submit. 
  • The GDPR does not apply when individuals are carrying out their normal personal or household activities but applies to controllers who provide the means for processing personal data for such personal or household activities. (jbwqwgvidyu. Lol).  Let me try to explain this. For instance, an EU resident goes to a store to buy some supplies for their house. The storekeeper knows everything they’ve purchased and that’s data. But the provisions in the GDPR do not apply here. The provisions will, however, apply in the situation where some technology or other mechanism is provided to store or process this harmless household and personal data. For instance, if the EU resident uses an app to create and store their grocery list; then yes, the app admin has to comply with the GDPR.
  • Remember I said that the GDPR is more concerned about the data of EU residents and would hunt you down even if you aren’t in the EU but handle the stipulated data? Well, yes. You may be in some office in Ajegunle or in a corner in Ikoyi; as long as you or your business outfit is offering some goods or services to persons established in the EU (whether for a fee or for free), you must comply with the GDPR. The question then is: how will they catch you? How will they know whether you’re servicing or offering goods to EU residents? Well, there are some indicators the GDPR proposes: if your site or platform or entity uses or offers the option of certain language(s) or currencies used in one or more of the Member States of the EU, coupled with the possibility of ordering goods or services in that language or currency, or you mention customers/users in the EU, then there’s the presumption that the GDPR captures you.
  • A second way a non-EU resident can be subject to the provisions of the GDPR is if he’s monitoring the behavior of EU residents. This is basically the use of data techniques to track people on the internet. And before you go, ‘Track?? Me? Pffft! Sounds like some CIA business. I can’t even track a song. LOL’. Well, first of all, you can do all things (say ‘amen’). And second, this just means that you’re profiling people in order to take a decision or to predict their preferences or behavior. And just in case you’re still thinking, ‘Profiling?? Ain’t nobody got time for that’, well, have you heard of ‘Cookies’ before? (I shall write about this very soon.) If you have a website that uses cookies, you’re pretty much monitoring the behavior and preferences of your visitors/users. If you want to carry out a cookie audit on your website or any website at all, visit Cookie Checker. It’s a beautiful tool.
I did one for this site


So How Do I Comply with the GDPR?

Perhaps the first way to comply with the GDPR is to actually know what it says. It’s a really long read, so you might want to space yourself out and take relevant notes. You may download it here in different languages.

When you know what it says and you are armed with its provisions, you must align yourself, your business entity or your website to its provisions. Please note that you’re expected to be compliant by today, the 25th May 2018.

Practically, you may want to

  • Update your privacy policy so that you state in clear and unambiguous terms what data you’re processing and what you’ll be using the data for. Also, don’t just state it; let your site users give affirmative consent (e.g. by ticking a box). Don’t use pre-ticked boxes. Also, don’t forget to include the bit about cookies, if your site is using them. You may tell users that they can disable the cookies if they want.
  • Check your mailing list and if there are persons who haven’t given affirmative consent, you may want to reach out to them to remind them and give them a deadline.
  • The GDPR requires that to collect the personal data of persons under the age of 16, you need parental consent. So you may also want to enable an age verification system just to be doubly sure. It doesn’t have to be them stating their ages; it can be ‘I affirm that I am 16 years and above’.

And so on.

The GDPR is a lot! And it’s not optional especially if you fall within its scope of reach. So get two boxes of Pizza and some Zobo, get your team together, study the GDPR if you haven’t and align yourself (there’s a joke here about being aligned by the monarch ‘ruler’; the GDPR, but I can’t place my hands on it).

 

Thanks for reading!

Edit

My friend and commenter below, Kevwe, gave this awesome suggestion for self-assessment.

If you’re a data controller (you have data in your control and care), take your self-assessment test here

If you’re a data processor (perhaps you receive data from other sources to use), take your self-assessment test here

Check here for other tests

 

I’d love to hear your comments, below!

 

 


17 Comments
  • Oluwanifemi
    May 25, 2018

    Another very useful post. This is one of the few sites I visit without being compelled to.
    Thumbs up Boro, you’re doing a great job

    • Adeboro Odunlami
      May 25, 2018

      Thanks Nifemi! I’m happy you found it useful!

  • Sarah_Kev
    May 25, 2018

    Loved it! One of the best pieces on GDPR I’ve read up. If businesses want to be sure they are in compliance they should take the ICO’s self assessment kit at ico.org.uk
    The regulation is policed by the European Data Protection Board. Don’t let the word regulation fool you, in the EU that’s hard law backed by sanction. So happy compliance!

    • Adeboro Odunlami
      May 25, 2018

      Thanks for this Kevwe! Editing the article to accommodate your suggestion.

  • Demilade
    May 25, 2018

    This gave me something to think about sha. I zoned out at a point and zoned back in, because I definitely will be doing business with EU citizens! Saw the GD-whatever in my inbox already sef. Thanks for the heads-up!

    • Adeboro Odunlami
      May 25, 2018

      Exactly! Lol. You’re welcome

  • Moyo
    May 25, 2018

    You just saved my life because I have to write a summary of this thing and it just looks too long and I just can’t begin to unravel it right now and this just helps start the process in my head … THANK YOU!!

    • Adeboro Odunlami
      May 25, 2018

      Haha! You’re welcome Moyo

  • Tola
    May 25, 2018

    Boro!! … Madt!! Super awesome write-up and Love the title …. “HTML”

    • Adeboro Odunlami
      May 27, 2018

      Tolaaaa! Thanks boooo!

  • David Rotimi
    May 26, 2018

    Wow Boro, thank you so much for making these complex things simple. You are amazing. Well done!

    • Adeboro Odunlami
      May 27, 2018

      Thanks a lot David!

  • Christian
    May 26, 2018

    Simply put… Now this is communication. Up thumbs ‘Boro!

    • Adeboro Odunlami
      May 27, 2018

      Thank you Christian!!

  • Sarah S
    May 31, 2018

    How you manage to still be witty when writing something serious got me thinking. Awesome and self-explanatory!

    • Adeboro Odunlami
      June 6, 2018

      Thanks!
