GDPR- What It Is and How It Affects Non-EU Citizens and Consumers

An acronym for General Data Protection Act, GDPR is the most recent of regulations in European Union law. The law took effect on 25th May 2018, and businesses that do not comply face a significant risk of heavy fines. In fact, the fines may run up to €20m. The figure is in euros because I seriously cannot convert that amount to Kenya shillings. It’s as depressing as the fact that Kenya lost close to 10 billion on corruption in 2018 alone.

GDPR protects the personal data privacy of individuals in the EU and the European Economic Area. It has been a work in progress that set off in 2016. Since then, the Council of the European Union and the European Parliament have been perfecting it and rolling out its implementation. While the deadline was 25th May 2018, the fines are yet to be rolled out. According to the process, you only incur a fine after two warnings, but why risk the first strike?

Its purpose

If you are reading this I’ll assume you live in this century, tech-wise. This means you know all about Cambridge Analytica and the Facebook involvement. Apparently, Analytica ran an ad on Facebook that collected personal data that was used to influence elections. The details are much more complex than that but you get the implications. The backlash when the scandal erupted was so terrible that it led to the hashtag delete Facebook (#deletefacebook). In fact, this movement was so critical that tech celebrity Elon Musk deleted his account with millions of followers. Mark Zuckerberg also had to face Congress. It was a mess left, right and center.

In their defence, Google, Facebook and many other applications create a metric based on the data you provide to personalize your feed. For instance, Facebook knows your age, gender, geographical location and friends. This is why the suggested friends are people you would connect with outside the application. For instance, my Facebook Page lists me as the admin and I use the book and blog hashtags very often. As a result, my Facebook feed is full of book and blogger recommendations.

So GDPR seeks to let you control the information you provide and how long a website provider can store that information. Under the GDPR, there is a cookie privacy policy popup on new sites you visit. Clicking accept lets websites store your metadata for a given period. Another GDPR compliance instance is the comment section of any site you visit. From the picture below, the checkbox lets my site store information about you. To be fair, I am still learning where, so for now, you are safe.


The checkbox in the comment section as required by GDPR

Anyway, if you have previously commented on my website, you have noticed that the second comment appears automatically. The previous system was set up in a way that I have to approve all comments before they appear, to protect this website from spam. With GDPR-compliant sites, you choose whether your comments get approved every time. For blogs you actively engage in, I’d suggest you tick the checkbox. For the one-time affairs, leaving it unchecked is probably safer.

Why you should care

Remember the last time someone told you a half-truth? And went ahead to exploit the other half they did not to their advantage? Remember the rage? Well, if you voted (in Kenya and Britain) then you are conversant with the neglect from Facebook. Remember how you only saw specific ads based on elections? Well, I do, and I didn’t even vote. But that manipulation was a knife in the heart. I remember with the #deletefacebook movement, I read an article about how to delete the information web providers have about you.

Yeah, I followed the link, changed a few systems and denied some applications access to my Facebook account. Here’s the article that guided me on how to delete everything Google secretly records. Seriously though, I do not know why Candy Crush needs access to my Facebook, it’s just a game. But by properly fixing the jigsaw puzzle that is your internet data, it is simple to create a version of you. Let’s not talk about phishing, hacking or identity theft.

How GDPR affects everyone on the internet regardless of whether they are in the EU

GDPR forces websites or any other processors of data to tell you what data they collect from you, how they store it and who they share it with. Actually, you can even ask a blog to delete all the data they have on you, without any explanation whatsoever. If this is not internet democracy, then I don’t know what is.


Myths about the GDPR debunked

If you have made it this far, then you are woke fahm. From the administrative side of the website, I commend you. If I was not a blogger, I would probably be ignorant about GDPR too. Even more so if I was not in the European Union, which I am not by the way. In my quest to find out more about these regulations I came across many ‘facts’ that I now know are false or half true.

  • Half Truth: GDPR affects EU citizens and processors of personal data only.
  • Fact: GDPR affects everyone: all processors of personal data worldwide, and visitors who benefit due to this inclusion.
  • Half Truth: GDPR affects only big companies with a presence in the EU.
  • Fact: If you have even one subscriber to your blog from the EU, it applies to you as well.
  • Half Truth: I can just block persons from the region from accessing my site and forego GDPR.
  • Fact: There is already a proposed bill that will ban geographical discrimination. You are just postponing the problem.
  • Half Truth: I need a lawyer conversant with EU law to be fully compliant under that law.
  • Fact: No, you do not. There are measures in place to make you compliant, saving you thousands in legal fees.

This is not a comprehensive list and I know little about EU law. If you have anything to add or refute, kindly use the comment section. If you are a Kenyan blogger then this article is just the first step to being compliant. But you can view my Privacy policy and full disclosure page for guidance. I am not yet fully compliant; I am still looking for a cookie notice plugin and am yet to update my mailing list, but I will detail the process here as I go along.

What GDPR means for non-EU citizens

Being a citizen of a country that is not a member of the European Union or those that left (Brexit) is beside the point. You should take charge of the information you provide to websites you visit. There are thousands of blogs mushrooming everywhere all the time. In fact, WordPress estimates that 27.5% of websites use it, which totals a whopping 75 million websites. Imagine leaving your information on all these websites, which are extremely easy to open?

While most blogs are there to provide information, some may be there to collect. And if they do it without informing you then this is a breach of personal data privacy. The internet is a goldmine. Unfortunately, anyone can mine, even those with fishy intentions. And even if you are careful, your favourite websites may be hacked. My personal favourites are HuffPost by Arianna Huffington and Forbes. As acclaimed websites, them being compliant is an advantage to non-EU citizens.

If all these three reasons are not appealing then just think of the intelligent conversations GDPR can start. It’s the millennial version of talking about weather… because who has time to actually go out when you can order everything from the comfort of your floral duvet in a vanilla scented room?

Breaches and fines by GDPR

As a consumer, fines and breaches are not really something you should be overly concerned about. But just in case you need facts for amazing conversations: processors of data who breach it may incur costs of up to €20m or 4% of their annual corporate turnover, whichever is more. It is also paramount to note that this law replaces the 1995 Data Protection Directive.


Bottom Line

This is the 21st century. You cannot claim ignorance as a response to crimes related to your personal data. The most common mistake is consenting to popups without knowing what you are subscribing to. Protect your personal information and control the essentials you need for a maximized user experience. The GDPR enables you to do that and while this is commendable, it is pointless if you do not understand it. I admit I am learning more about it every day. Learn as much as you can, and when you think you are done, learn some more.


7 thoughts on “GDPR- What It Is and How It Affects Non-EU Citizens and Consumers”

  1. Thank you for taking the time to share all of this information. This is really valuable, especially since all these changes have been so confusing and overwhelming. Great post!
