GDPR: What is it, Who is Affected, Objectives and Possible Sanctions

The arrival of the Internet changed many things in our daily lives; today it is essential and we use it at all hours. The advance of technology, and the fact that we do more and more things over the Internet, means that more and more data is collected, transferred or managed over the network. This is an important fact that we may not notice on a daily basis, but it has a lot to do with the privacy of all the people who, in one way or another, provide their personal data to different services. For this reason, the European Union implemented what we know as the GDPR, which controls the collection of personal data and how it is used in order to protect the privacy of users. But many may wonder what exactly the GDPR is, what it is for and who it affects.

Nowadays it is rare to find a website where we do not have to register or give some of our data to enter, access certain information or use an online tool. That is not to mention the sites to which we provide data almost without realizing it. Before the digital age, the way in which we provided our personal data to companies or institutions was much more controllable, but the way in which data is collected over the Internet has made it necessary to adapt the rules to current needs.

Timeline or history

Although to many it will sound like something recent, the GDPR had to go a long way before its final implementation.

  • 2012: In January 2012 the first proposal for the GDPR is made.
  • 2013: More than a year later, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs has its casting vote.
  • 2015: At the end of 2015, negotiations are held between the European Parliament, the Council and the European Commission (tripartite) to reach a joint proposal.
  • 2016: The regulation is adopted by the Council of the European Union, with Austria being the only country voting against, and by the European Parliament. The regulation enters into force a few days after its publication in the Official Journal of the European Union.
  • 2018: On 25 May 2018, the new General Data Protection Regulation, or GDPR, begins to apply.

What is the GDPR

GDPR is the abbreviation or acronym for General Data Protection Regulation. The regulation was born as a proposal in 2012 to create the rules needed to control the way in which the personal data of all European users is collected, administered and used. However, it was not until May 2018 that it was definitively implemented.

It is therefore the European regulation on the protection of natural persons with regard to the processing of their personal data and the free movement or use of that data. The objective of the GDPR is to regulate the processing of personal data collected in any field: medical, banking, derived from any activity on the Internet, and so on. It also tries to unify the principles of data protection across the European Union.

Although the GDPR applies to all areas, it is directly related to the great technological changes that we have experienced in recent years. Today there are many procedures that we carry out online, such as managing our bank accounts or buying and paying online, and even the simplest website or the app that you least expect usually requests a large amount of personal data for use or access. This data must be controlled so that the companies that collect it do not handle it at their whim or for their own benefit, hence the need for this duly updated General Data Protection Regulation.

Most important principles or objectives of the GDPR

Although the GDPR has considerably strengthened the data protection of individuals, it does not represent a great reorganization of data protection policy, since it maintains the validity of the most important principles, adapted to new needs and reinforced. In this sense, the following principles or objectives of the GDPR should be highlighted:

  • Prohibition of data processing unless it is authorized: This principle prohibits any manipulation or processing of personal data unless the person concerned has consented to and allowed it. Not all data is equally important and personal, but the GDPR is categorical and applies to all types of personal data.
  • Limitation when collecting and editing data: The aim is to end the massive collection of data. Companies can only collect the strictly necessary data and must also formulate and document the objectives and the processing. In addition, they must justify the collection of each piece of data to avoid problems. The principle therefore has two objectives: to limit the amount of data collected (only what is needed) and to justify its purpose.
  • Confidentiality: Every company, entity or person that collects personal data of its clients, employees or users has the obligation to protect that data in a confidential manner. In addition, they must apply the appropriate technical measures for its protection, both to comply with confidentiality and in the case of theft of stored data.
  • Transparency and legality: At all times, the purpose, the data collected and the use that will be made of it must be clearly and transparently disclosed to users or customers, so that they can exercise their rights over it.
  • Responsibility: Each of the companies that must comply with the GDPR is responsible for complying with all the required regulations, keeping records of everything they do and when they do it, and regularly checking that the regulations are being complied with.
  • Storage limitation:

Who is affected and possible sanctions

The new General Data Protection Regulation, GDPR, regulates the processing carried out by people, companies and organizations of data related to people in the European Union. Therefore, we could say that it applies to or affects anyone who collects personal data from other people.

However, it does not apply to the processing of personal data of deceased or legal persons, or to data that a person processes or stores for exclusively personal reasons or in the context of a domestic activity, as long as it is not related to any professional or commercial activity.

The data protection regulation offers the data protection authorities different tools in case of non-compliance with the rules, and they may apply harsh penalties for different infractions. These sanctions can range from a mere warning to a temporary or definitive prohibition of the processing and an economic fine.

These fines vary depending on whether the infractions are serious or very serious. Serious infractions are sanctioned with administrative fines that can amount to up to 10 million euros or, if it is a company, a maximum amount of 2% of total turnover. For infractions classed as very serious, fines can reach up to 20 million euros and, in the case of companies, up to 4% of turnover.