Details“General Data Protection Regulation” (hereinafter “GDPR”) of EU has taken effect since May 25 2018. On the day when the GDPR came into force, many US news websites, including the Chicago Chinese News and the Los Angeles Times, met some problems when they were viewed in the EU because they failed to obtain timely user authorization.
After nearly four years of discussion and a two-year transition period, EU’s “GDPR” came into effect in all the EU member states. This is considered to be the most stringent network data management regulation in the history of EU. It will have a profound impact on the development of the Internet and other industries of EU members.
The “GDPR” has substantially expanded the definition of “personal data”, which includes general information such as mobile phone number, user name, IP address, location address, as well as sensitive information such as biological information, health data and political opinions. Users will often need to choose whether to authorize companies or organizations to obtain their personal data. Users also have the right to require companies or organizations to delete user’s own personal data, which is named as “right to be forgotten”. Meanwhile, the user’s “right to be forgotten” is not absolute and must meet certain conditions.
Regardless of whether a company is in the EU or not, as long as it has business relation with EU companies, or involves in storage, processing or exchange of data of any EU citizens, it is within the scope of this regulation. For example, a Chinese company may not have any branches in the EU, but EU users register on the Chinese company website to purchase goods and services. At this point, if the Chinese company improperly collects information from EU users, EU authorities may impose hefty fines on this Chinese company. A special reminder is that in the future, the data storage period should be as short as possible, and once the data is no longer useful to the company, it should be deleted. A common practice for many Chinese companies is that as long as the data enters the corporate data system, it will be saved forever without deletion. In the future, this practice need to be changed.