finxol.io
1---
2title: All You Need To Know About GDPR
3description: GDPR is a series of laws and regulations adopted in May 2016 by the European Parliament and Council to enable EU citizens to have better control over their data online.
4image: /blog/european_union_padlock.png
5date: 2020-11-15
6authors:
7 - name: finxol
8tags:
9 - article
10published: true
11---
12
13The GDPR, or General Data Protection Regulation, is a series of laws and regulations adopted in May 2016 by the European
14Parliament and Council to enable European Union citizens to have better control over their data online.
15It has been in effect from 25 May 2018.
16
17To all non-european readers, this article is mainly intended to europeans, but you can still read the first two parts to
18know more about GDPR.
19You're not directly affected by it, but this initiative has sparked other data protection laws like
20the [Consumer Privacy Act in California](https://www.osano.com/articles/gdpr-vs-ccpa).
21
22## What is GDPR ?
23
24The intent of GDPR was to gives european citizens more control over what data about them is stored and for how long.
25
26That way, european citizens are legally backed up by the EU in terms of data protection and people or organisations who
27use digital services are obliged to state what data they keep about you and what they do with it.
28
29The other great point about GDPR is that it applies to everyone operating in the EU, so european citizens aren't only
30protected on websites but also at work or even on the streets !
31
32But it's also enforceable for companies and corporations.
33
34## What it has already done
35
36Over the 4 and a half years since it has been acted, it has enabled several Courts of Justice within the EU to deliver
37some, sometimes very expensive, fines to tech companies, but not only.
38
39You can't really draw up a typical profile for people who received the 410 fines given out so far.
40Some were given to companies, others to individuals, political parties, restaurants, universities, airports,
41institutes...
42
43Recently, H&M got fined 35,258,707.95€ in Germany for tracking its employees, and British Airways got fined 22,000,000€
44for being hacked as British Information Commissioner ICO said this hack was preventable.
45The Dutch National Credit Register BKR was also fined 830,000€ by the Dutch Data Protection Authority for making their
46customers pay to access their private information.
47Even an individual person was hit by an 8,000€ fine for having CCTV cameras monitoring public space in Greece.
48
49The largest fine given so far was by French Data Protection Authority CNIL to Google, who had to pay 50,000,000€.
50The smallest was given by the Estonian Data Protection Authority to a police officer in Estonia, who was fined 48€.
51
52Although not directly linked to
53GDPR, [the EU also fined Google 1,490,000,000€](https://www.theguardian.com/technology/2019/mar/20/google-fined-149bn-by-eu-for-advertising-violations)
54as part of its war on GAFAM.
55
56## How to use your rights
57
58These laws also directly give you some power over your data.
59
60Your rights are :
61
62- The right to request reading and retrieval of your data
63- The right to request rectification of your data
64- The right to request deletion of all or part of your data
65
66In short, GDPR theoretically gives you complete access and control over your personal data.
67But sadly, reality is a little more complex, as some website and services use what are
68called ['dark patterns'](https://www.wired.com/story/how-to-spot-avoid-dark-patterns/) to try and discourage you from
69using your rights.
70
71Concretely, they offer these options (because they are legally obliged to) but hide them in lots of different sub-menus
72and complicated access paths to make it as hard as possible to use them.
73And that isn't illegal.
74
75Still, we're not going to go into much detail about that problem in this article, so let's move on to how to use your
76rights.
77
78To help you use your rights, many websites have been created. Here are a useful links :
79
80- With [JustDeleteMe](https://justdeleteme.xyz/), you can find information on how easy it is to delete your account
81 on many websites, but also details and links to help you do so.
82- You can download all the data from your Google account with help from
83 [this Google help page](https://support.google.com/accounts/answer/3024190).<br>
84 Before you do so, you should know that this procedure will download everything you have ever saved with Google
85 services,
86 so if you've had your account for a long time the file will be very big, and you will need a lot of time ahead of you
87 to read everything !
88- You can download all the data from your Facebook account with help
89 from [this article from FossBytes](https://fossbytes.com/download-facebook-data-copy/).
90 As for Google this will download everything, so if you use social media a lot — not only posts, but also comments,
91 likes, conversations... — the file will be big.
92
93For other online services or companies which don't directly offer a retrieval or deletion option from their website, you
94can email them asking to do so.
95You can find help for writing this letter on
96the [ICO's website](https://ico.org.uk/your-data-matters/your-right-to-get-copies-of-your-data/preparing-and-submitting-your-subject-access-request/)
97.
98
99They should answer favourably to your request, but if they don't reply after several enquiries or refuse to comply with
100your request, you are entitled to start a legal challenge against them.
101You should only go that far if the data is very sensitive or if the company isn't too big, as that kind of procedure is
102often very long and costly.
103
104Alternatively, you get in touch with a consumer association.
105They can usually talk with companies more easily than individuals, or group together the requests of several people to
106have more weight against larger companies.
107
108<br><br>
109
110*External resources :
111[GDPR Information from the European Commission website](https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en)
112,
113[Every GDPR fine since 2018](https://www.privacyaffairs.com/gdpr-fines/),
114[What counts as personal data ?](https://www.which.co.uk/consumer-rights/advice/what-counts-as-personal-data-according-to-gdpr)*