The Overview Of EU General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
The GDPR is the most important change in data privacy regulation in 20 years. It was finally approved by the EU Parliament on 14 April 2016, with an enforcement date of 25 May 2018, at which time organizations in non-compliance may face heavy fines.
GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Some of the key privacy and data protection requirements of the GDPR include:
- Requiring the consent of subjects for data processing
- Anonymizing collected data to protect privacy
- Providing data breach notifications
- Safely handling the transfer of data across borders
- Requiring certain companies to appoint a data protection officer to oversee GDPR compliance
Simply put, the GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of citizens’ personal data.
The purpose of the GDPR is to impose a uniform data security law on all EU members, so that each member state no longer needs to write its own data protection laws and laws are consistent across the entire EU.
Compared with the previous Data Protection Directive, the GDPR has increased the penalties for non-compliance. Supervisory authorities (SAs) have more authority than under the previous legislation because the GDPR sets a standard across the EU for all organizations that handle EU citizens’ personal data. SAs hold investigative and corrective powers: they may issue warnings for non-compliance, perform audits to ensure compliance, require organizations to make specified improvements by prescribed deadlines, order data to be erased, and block organizations from transferring data to other countries. Data controllers and processors are subject to the SAs' powers and penalties.
All organizations, including small to medium-sized companies and large enterprises, must be aware of all GDPR requirements and be prepared to comply by May 2018. By beginning to implement data protection policies and solutions now, companies will be in a much better position to achieve GDPR compliance when it takes effect. For many of these companies, the first step in complying with GDPR is to designate a data protection officer to build a data protection program that meets the GDPR requirements.
The General Data Protection Regulation not only applies to businesses in the EU; all businesses marketing services or goods to EU citizens should be preparing to comply with GDPR as well. By complying with GDPR requirements, businesses will benefit from avoiding costly penalties while improving customer data protection and trust.