In simplest terms, the GDPR can be broken down into three key concepts:
Consent and control
Under the GDPR, an individual has a basic right to control his or her personal data, and any entity wishing to use that data for any reason must obtain the individual's consent, given by clear affirmative action. The individual is also entitled to withdraw consent as easily as it was given. The entity requesting the data must inform the individual of how the data will be used and gather only as much data as needed for the stated purpose.
In the event of a security breach in which data may have been compromised, the regulators and the individuals whose information may have been affected must be notified and given full disclosure, including an explanation of what happened and what is being done to remedy the situation, as well as a recommendation of what the individuals might do to protect themselves.
Granting of individual rights
Have you ever signed up for a service that you later canceled only to be continuously inundated by emails? Under the GDPR, individuals are given comprehensive rights to access, correct, port, erase, and object to the processing and storage of their data.
The rules of the GDPR are complex and wide-reaching, but their ultimate goal, to protect individuals’ personal data, is simple and one that Hush fully supports. Although the GDPR will only directly affect our EU customers, the rules support what has always been our most closely held value, the right to private communication. We believe that what Hush does every day — provide safe, secure, private email — is achieved through a culture of privacy that pervades our entire organization. In other words, privacy is our raison d’être.