GDPR: Five Myths Debunked About Its Personal Data Regulationbr>
GDPR, perhaps the biggest consumer-reaching personal data legislation to pass in recent years, marks the first time many citizens became aware of the concept of personal data control in their lives. GDPR has enabled consumers to understand their data privacy rights and responsibilities — giving power back to data subjects who may have not even known they were without it in the first place.
But, as important as GDPR was in the fight for personal data rights, parsing through the regulation to understand its implications can be complicated for consumers.
To help consumers fully understand it, and to avoid confusion that can lead to costly mistakes, here are the top 5 myths about personal data and GDPR.
Myth #1: Companies can collect whatever data that is available to them
While there are many different types of data companies can collect and use, the list is not infinite. Companies cannot simply vacuum up your data and then use it as they wish — data use must be relevant to their stated purpose.
Myth #2: Companies can collect and use any kind of data they want.
As the aforementioned myth references, companies can collect and use a lot of different types of data about a person. However, there are restrictions on the use of some of them. Use of data on a user’s personal life, for example, can be strictly regulated. Speaking of personal data, it’s important to remember the European Union’s definition: “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life… anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
Myth #3: Consumers have no say in who uses their data
Thanks to GDPR, companies need to meet certain criteria to use your data. That criteria can include consent from the data subject — which is why any company whose mailing list you intentionally or inadvertently signed up for emailed you when the new privacy rules kicked in. Those companies, who may not have understood what the new rules entailed, asked their existing customer databases to reconfirm their consent to be contacted. In most cases that reconfirmation was unnecessary. If you’ve consented to receive email marketing in the past, your consent is still valid. So, you would have had to respond “no” to those emails to be removed from the mailing lists. Under GDPR, companies do need to receive email marketing consent in the case of new customers or customers who are otherwise not in their databases.
Myth #4: There’s no way to access the data being collected about me
There are many blockchain companies building innovative applications to safely store user data and provide the computing power to use it. These companies empower users to know how their data is being harvested, what it’s used for, and who is using it — believing that data ownership should belong to data subjects and creators. In the future, all data will be traded, bought, and sold on a decentralized data exchange platform to enable users to own and control their data.
Myth #5: GDPR protections are only for EU citizens
Yes, these protections are explicitly for European Union citizens, but the requirements on companies have no borders. If a company wants to process the data of an EU citizen, they must follow these requirements, wherever that citizen happens to be geographically located.
DxChain is a big data and machine learning network. DxChain tackles major big data issues such as privacy, ownership, and security while supporting business intelligence and machine learning applications. Users can employ its decentralized data exchange platform to trade data and protect their digital identities. DxChain is led by CEO Allan Zhang, the founder of Trustlook (a company that develops AI-based cybersecurity products), and by Chief Scientist Wei Wang, the former Principal Scientist on blockchain technology at AT&T Research.