Tallinn, Estonia GDPR & European Data Act

GDPR: How the EU Protects Your Personal Data!

📝 Have you ever wondered who has access to your personal data? Every time you shop online, post on social media, or use a mobile app, you share information about yourself — from your name and email to your habits, location, and preferences. But who controls that data and how is it protected? That’s where the General Data Protection Regulation (GDPR) comes in. Since May 2018, this EU law gives individuals control over their personal information and ensures that companies handle it responsibly. GDPR applies to everyone living in the EU and EEA, and even to companies outside Europe if they process the data of EU citizens. Whether you are scrolling through Instagram, buying a train ticket, or applying for a job online — GDPR protects your privacy in ways you might not even notice.

What is GDPR?

GDPR (General Data Protection Regulation) is a European Union law that governs how organizations collect, use, and store personal data. It replaced older national laws with a single, strong set of rules across all EU/EEA countries.

Who does it affect?

  • Every EU and EEA citizen or resident, whose personal data is collected or processed.
  • All organizations worldwide — from tech giants to small businesses — if they process data from EU citizens.
  • Public authorities (schools, hospitals, municipalities) and private companies alike.

Why is it important?
GDPR ensures that:

  • You decide what happens to your data.
  • Companies cannot sell or misuse your personal information.
  • You can access, correct, or delete your data at any time.

Privacy and transparency are core values of the digital single market.

How does the EU enforce it?
Each EU country has its own data protection authority (e.g. Datainspektionen in Sweden, CNIL in France, or the Data Protection Commission in Ireland).
These national agencies investigate complaints, monitor compliance, and impose significant fines on violators.
💶 Fines can reach up to €20 million or 4% of a company’s global annual revenue, whichever is higher.

⚖️ National variations:
While GDPR sets a unified legal framework, each member state can interpret and apply certain aspects differently — for instance, in employment contexts, data processing by public bodies, or rules on minors’ consent (ranging from age 13–16).

Good to Know

Our Rights under GDPR

The regulation gives individuals eight key rights over their data:

  1. Right to Access – You can request a copy of your personal data held by any company.
  2. Right to Rectification – You can correct inaccurate or incomplete data.
  3. Right to Erasure (“Right to be Forgotten”) – You can ask for your data to be deleted.
  4. Right to Restrict Processing – You can limit how your data is used.
  5. Right to Data Portability – You can transfer your data to another service.
  6. Right to Object – You can stop certain types of processing (like marketing).
  7. Rights related to Automated Decision-Making – You can challenge decisions made by algorithms (e.g. automated credit scoring).
  8. Right to Information – You must be clearly informed whenever your data is collected.

🟢 Example: If a streaming service uses your viewing history to recommend movies, you must be informed of this data use and can choose to opt out.



Fun Fact: How GDPR Changed the World

📊 In 2023 alone, EU regulators fined companies over €1.7 billion for GDPR violations!
Some major examples include:

  • Meta (Facebook/Instagram) – fined €1.2 billion by Ireland’s Data Protection Commission for transferring EU data to the U.S. without proper safeguards.
  • Amazon – fined €746 million in Luxembourg for using personal data for targeted advertising without valid consent.
  • WhatsApp – fined €225 million for unclear privacy information.

💡 These cases show how seriously the EU takes privacy — and how GDPR influences global tech behavior. Even companies outside Europe now adjust their privacy policies to comply.

💰 Where do the fines go?
Collected fines usually go into national budgets of the member state that imposed them, supporting further digital protection and enforcement activities.



Everyday Example

🔍 Imagine you sign up for an online shopping website. The company asks for your name, address, and email to process your order. Under GDPR:

  • It must clearly tell you why this data is needed.
  • It must ask for your explicit consent if it wants to send you newsletters.
  • You can later withdraw your consent and unsubscribe easily.
  • If you delete your account, the company must erase your personal data permanently within a reasonable timeframe.

✅ Result: You stay in control, and your information cannot be shared or sold without permission.

Did You Know?

📢 Before GDPR, many websites shared or sold your personal data without asking. Now, you can:

  • Request a copy of all data a company holds about you.
  • Opt out of marketing emails and newsletters with one click.
  • Report misuse directly to your national data protection authority.

📈 Since 2018:

  • Over 2 million complaints have been filed by EU citizens.
  • Around 70% of Europeans feel more aware of their digital rights.
  • Small businesses now receive better guidance to stay compliant.

🌍 GDPR’s global impact: Countries like Japan, Brazil, and South Korea have adopted similar privacy laws inspired by the EU model — creating a worldwide shift toward ethical data use.



FAQ

Can companies keep my data forever?
No! GDPR requires companies to delete data as soon as it is no longer needed for its original purpose.
Does GDPR only apply to European businesses?
No! It applies to any organization worldwide that processes EU citizens’ data — including U.S., Asian, and global platforms.
Can I stop personalized advertising?
Yes! You can withdraw consent for targeted ads at any time through your account settings or cookie preferences.

What can you do?

  1. Visit your favorite app or website’s privacy section — check how they handle your data.
  2. Try submitting a “Right of Access” request to see what data they store about you.
  3. Review your cookie preferences and turn off tracking cookies you don’t want.
  4. Unsubscribe from mailing lists you no longer use.

Quiz

Which of these is NOT allowed under GDPR?

Summary

  • GDPR gives you control over your personal data — you decide who uses it and why.

  • Companies must ask for permission, be transparent, and ensure your data’s safety.

  • The EU enforces compliance through strong supervision, national agencies, and fines that can reach millions of euros.

  • Together, these rules make the EU a global leader in digital rights and privacy protection.