5 Things You Might Not Know About the GDPR

The EU’s General Data Protection Regulation, better known as the GDPR, is a law people residing in or doing business with the EU have likely heard of at one point or another. But do you know about where the inspiration for it came from or what effect it has had beyond the EU? In this edition of The Ballot, we would like to introduce some facts about the GDPR which might be news to you.

1. The GDPR Can Be Traced Back to the 1950s

Now, we know the Internet didn’t exist in 1953, but that year the Council of Europe passed the European Convention of Human RIghts. Article 8 of the Convention stated that every person has “the right to respect for [their] private and family life, [their] home and [their] correspondence.” Later, when the internet entered our daily lives and it was easier than ever to give out sensitive data, EU policymakers decided that the GDPR was necessary to preserve this right in the digital realm.

2. Fines For Non-compliance Can Be Steep

As US President Thoedore Roosevelt once said, “Speak softly and carry a big stick.” This phrase, meaning that one should talk nicely to others but remind them of your strength, is a good phrase to use when describing how the EU enforces the GDPR, namely through fines. While fines for smaller firms rarely exceed a few thousand Euros, the European Data Protection Board can give out much higher fines, such as the €1.2 billion fine Facebook received earlier this year for non-compliance.

3. The GDPR Applies Everywhere - If You Are Working with EU Residents?

The GDPR is a law drafted within and covering the 27 member states of the EU, but its reach extends far beyond that. As stated in the GDPR text, “transfers” of EU resident data to other countries “may only be carried out in full compliance with” the GDPR. So, even if your organization is based outside of the EU, all of the rules of the GDPR apply if you handle data from EU residents as part of carrying out business.

4. The GDPR No Longer Stands Alone?

When the GDPR went into effect in 2018, the response from some non-compliant countries was to simply block web traffic from the EU, perhaps hoping that they could get by without following the EU’s example. However, five years on, the trend is clear: data protection is in and it's here to stay. Outside of Europe, five US states, Chile, South Africa, and even China have passed data protection laws inspired by the GDPR to date, with more likely to come.

5. Citizens Are More Aware of their Rights Online Since the GDPR’s Passage

One reason why the GDPR has been successful in its aims is not just the detailedness of the text or the ability of the EU to fine non-compliant organizations, but also greater citizen awareness. Since the GDPr went into effect, more than half of EU citizens are aware that they are allowed to access their personal data held by both public and private organizations. After all, it's your data, and you have a right to it.

Written by Alexander Boylston, writer at Assembly Voting