Our lives are digitised like never before. At the same time, the digital age is still in its infancy, which means we're still getting to know it - and many may not even have felt the consequences of sharing their personal information to the extent that they do.
The very idea of treating personal data as secrets is at the heart of the Data Protection Agency's new GDPR campaign "Everyone has secrets." But how can the campaign be so important when the GDPR is almost 5 years old? We dive into that in this article.
What is GDPR?
GDPR is also called the General Data Protection Regulation or the Data Protection Regulation. It is an EU law that applies in all countries that are members of the EU. The GDPR is supplemented in Denmark by the Data Protection Act. The aim is to ensure the proper protection of personal data, i.e. information that can identify a specific person.
The GDPR primarily describes how companies must collect, protect and store relevant personal data. It also stipulates that companies must not keep the data for longer than necessary.
But it also describes what individuals should expect and can demand from companies, organisations or authorities that collect and process data about them.
GDPR's core principles
At the heart of the GDPR are seven key principles, which are designed to set a framework for how individuals' data can be handled. These principles are:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Retention Limitation
- Integrity and confidentiality (security)
- Accountability
However, as mentioned above, these principles are designed to provide a framework for handling data processing and are therefore primarily made for data controllers and processors.
Background to the campaign
In short, the GDPR ensures that others treat our information as secrets. At least, that is the message of the Data Protection Agency's new campaign on GDPR.
Cristina Gulisano, Director of the Data Protection Agency explains that "the point is that everyone has secrets - and that there is nothing sinister in the fact that there are some things you want to keep to yourself. GDPR helps us citizens to have our secrets properly looked after when we entrust them to private companies and public bodies. Few people might immediately associate GDPR with human rights, but the right to privacy is a human right and GDPR helps to protect it."
She adds that since the GDPR came out, the focus has been on guiding authorities and businesses to comply with the GDPR rules. And the aim of the new campaign is thus to address citizens, which is also reflected in the communication, which highlights the GDPR in an easy-to-understand way.
International Data Privacy Day
28 January is International Data Privacy Day every year. The aim of the day is to highlight the protection of personal data, which is why the Data Protection Agency chose this day to launch its new campaign.
The day falls on 28 January because the 108 Convention was drafted by the Council of Europe on this date in 1981. The 108 Convention is the first legally binding agreement in the field of data protection, which aims to protect the right to privacy in line with the European Convention for the Protection of Human Rights. Since 2006, International Data Protection Day has been celebrated by raising awareness of people's rights in a digitalised world.
Why GDPR is important
The GDPR is extremely important for all individuals to know because everyone has information that is processed by public bodies and companies. There is still a need to educate people about the GDPR, although awareness of the GDPR has increased over the years because many people are still unaware of their rights.
The Data Protection Agency is particularly concerned that data protection rules are based on some fundamental rights, including human rights. In particular, the right to respect for private life and the right to data protection are central to the EU and Member States have committed themselves to upholding them. The right to privacy can thus be considered as a human right.
One might be tempted to think that the most important thing is that companies and authorities have a handle on the GDPR so that they process personal data correctly and meet their obligations. But as a "data subject" (i.e. the party about whom others process personal data), you have a number of rights that you need to know about in order to make use of them.
Your rights
The GDPR's seven rights, unlike the GDPR's key principles, are aimed at the data subject. As a data subject, you have seven general rights under the GDPR. These rights are:
- Right of access. This means the right to see the data that is being processed about you.
- Right of rectification. This means the right to have incorrect information about you corrected.
- Right to erasure or "right to be forgotten". If specific conditions are met, you have the right to have personal data about you erased.
- Right to restriction of processing. This involves the right to have the processing of your personal data restricted if one of a number of conditions is met.
- Right to data portability. In some cases, you have the right to receive your personal data or have it transferred from one controller to another.
- Right to object. This right includes the right to object to otherwise lawful processing of your personal data.
- Right not to be subject to an automated decision. In cases where the decision has a significant impact on you, including profiling, you have the right not to be subject to an automated decision. An automated decision means that no person is physically involved in the decision.
It is a good idea to be aware of your rights when others process your personal data. Because, as the Data Protection Agency says, everyone has secrets. By knowing your rights, you can make sure that those who process your data also keep your secrets.
Sources
- Datatilsynet.dk, "New campaign highlights that GDPR is for citizens," 28 January, 2023.
- Datatilsynet.dk, "Today is International Data Protection Day," 28 January, 2021.
Emilie Hartmann
Emilie is responsible for Moxso’s content and communications efforts, including the words you are currently reading. She is passionate about raising awareness of human risk and cybersecurity - and connecting people and tech.
View all posts by Emilie Hartmann