by Karolin Koestler, Marketing Manager EMEA
It feels like just yesterday that the EU implemented the General Data Protection Regulation (GDPR) to govern data privacy. Yet recently, another privacy act, the ePrivacy Regulation, is currently being proposed. Also from the EU, and in fact created by the same governing body, the ePrivacy Regulation’s aim is to align the online standard of privacy with what’s covered by the GDPR.
Needless to say, this impacts virtually every business everywhere, as GDPR and also the ePrivacy regulation apply to you if you do business with EU citizens, regardless of which country you operate in.
In a nutshell, the ePrivacy regulation will complement the GDPR and spells out the specifics for personal data safety and privacy. Here’s how.
What the GDPR does
The GDPR aligns data privacy laws across all EU countries. If you’re a retailer anywhere in the world doing business with EU citizens, both laws apply to you. Under the GDPR, any EU citizens’ information is protected, regardless of whether you process their information within the EU or not, and regardless of where your company is located.
This applies to all metadata that’s created as a result, too. The GDPR also strengthens the area of consent as to how you can use an EU customer’s personal information or whether you can share it. Further, if you take any information from EU customers, you must maintain it and make it available to the user, if requested.
There’s also a critical ‘right to be forgotten’ under the GDPR—an important development in the Internet age, where almost everything that’s ever been published about people remains accessible forever.
What ePrivacy regulations do
The European Union ePrivacy regulation specifically will cover electronic communications, aligning all the different online privacy rules that exist across EU member states. While the GDPR specifies protection of personal data, the ePrivacy regulation will cover the confidentiality of communications.
Ultimately, both laws will work together to ensure that internet users have control over their data and that the onus is on all website creators and operators to maintain all user data in a way that guarantees that their information is safe.