The right to be informed? The right to be forgotten? The right to object? The right to data portability? Privacy by design? Privacy by default?
Haven’t heard of any of this yet?
Well, these are the principles of the European General Data Protection Directive (GDPR) which will replace the 28 different national data protection laws in Europe (at least most parts of it…) on the 25th of May 2018 – and which will change the way personal data is collected, processed or used in Europe to a great extent. In a nutshell, GDPR will apply to all companies that process personal data of EU residents regardless of where these companies are registered.
GDPR - It’s all about the customer
There are a lot of important topics within GDPR but for the purpose of this blog we will focus on one of its key objectives, the goal to strengthen the “rights of the data subjects” or in layman terms: to strengthen your rights!
As some of you are aware, already now European national data protection laws entitle you to important personal rights such as the right to rectification, erasure or blocking of data. But GDPR goes even further.
Under the new law the company has to be fully transparent about what it wants to do with your personal data. “The right to be informed” in the GDPR is much more extensive than in the existing national data protection laws. Companies are obliged to keep you informed, in a way that is easily understandable – even if you are not a lawyer.
Processing of personal data - what does it actually mean?
Based on these information you can consent to the processing of your personal data – which means ultimately accepting it: un-clicking a pre-clicked box is not an option for companies within the scope of the GDPR. Even if you gave your consent for collecting, processing or using your personal data to a company you can withdraw it at any time without further explanation (covered under “the right to object”). The company then has to erase your personal data (unless there is a legal obligation to keep it, e. g. for the establishment, exercise or defence of legal claims).
If a company has shared your personal data with third parties based on your consent, it is obliged to inform them about your withdrawal. It means that these companies have to respect your withdrawal as well. This is the so-called “right to be forgotten”.
Another consumer-friendly regulation within the GDPR is the “right to data portability”. This right gives you a legal basis to retain any personal data you shared with the company and to transfer that data to another company. Basically, if you want to change your service provider, you can take your data with you.
As you can see, the GDPR will provide you with a lot of rights and will lead to a greater transparency than the existing European data protection laws. If you are interested in knowing more about your rights under GDPR please check the full text on the GDPR on the European Commission’s homepage.
How does Geeny fit into all of this
First of all, Geeny was designed in accordance with the “privacy by design” concept which can be found in the GDPR. Privacy by design means – to keep a long story short – that data protection was included in every step of the data process design, and not merely as an addition to already designed systems. Data protection comes first for Geeny. It is its core and not just a nice-to-have add-on.
Geeny will only collect, process or use the data that is absolutely necessary for its business operations and core platform functionalities – this concept is called “privacy by default” which can also be found in the GDPR.
We keep it simple
Imagine that at some point you will want to erase your data from the platform. How do you go about it? You can easily do it on your own. Beyond that, we will provide you with full transparency regarding the collection, processing or usage of your personal data. You will also be able to transfer all your data from Geeny to another provider. If at some point you don’t agree anymore with any of our data processing activities that you agreed to before, speak up and we will accommodate your concerns.
If you connect your IoT devices to the Geeny platform you will get a full overview and control over all your data generated by these devices. You will be able to combine data from all your IoT devices, store data from devices no longer in use and share it with anyone you want: service providers, family members or even professionals such as a doctor or your insurance company. YOU decide what you want to share, with whom and for what reasons.
With GDPR you will get back control over your personal data – and with Geeny you will too!
Any further questions? Just get in touch below!