The General Data Protection Regulation (GDPR) comes into effect on May 25, 2018 and brings with it new compliance standards for personal data usage. Businesses handling the personal data of EU residents will need to take note of these changes. The GDPR changes how businesses handle and store personal information. The new regulation requires businesses to be more transparent about how they handle and process user data, and to obtain explicit opt-in consent from users before collecting and storing their personal information. If you are a business owner or a manager in charge of IT, you should know what the GDPR means for your business. The following guide will help you understand the implications of the new legislation so that you can plan accordingly.
What is GDPR?
GDPR stands for General Data Protection Regulation. It is a new data protection law that will replace the Data Protection Directive 95/46/EC. The main purpose of this legislation is to protect the rights of individuals in the EU regarding their data. GDPR is a regulation, which means that it will apply across all EU member states.
Why is there a need for a new Data Protection Regulation?
The Data Protection Directive (as implemented in most EU countries) has been in effect since 1995. These laws have undoubtedly served us well in the internet age, but there are several limitations that have to be addressed. The GDPR aims to correct these issues and bring data protection into the 21st century. The GDPR will apply to all companies handling the personal data of EU citizens, regardless of where the company is based. It will also apply to all organizations that monitor the behaviour of EU citizens; this includes analytics companies and IT service providers.
Limitations of the current Data Protection Directive
The GDPR has been created to correct the limitations of the current Data Protection Directive. The main issues are the following:
– Data storage – The Data Protection Directive requires that personal data be deleted once the purpose for which it is processed is completed. This means that data must be deleted if it is no longer of use to the business. The GDPR, on the other hand, requires that data be stored with appropriate security and confidentiality.
– Consent – The current Data Protection Directive requires that consent be obtained from the individuals whose data is being processed. This consent must be explicit, meaning that there can be no room for uncertainty about what the individual is agreeing to. The GDPR expands on this idea, requiring that consent be both explicit and informed. This means that the individuals whose data is being processed must be fully aware of what they are agreeing to.
– Territoriality – The current Data Protection Directive only applies to data that is processed in the EU. If your business handles the data of EU citizens but does so from outside the EU, the Directive does not apply to you. The GDPR is different in that it applies to all organizations that process the data of EU citizens, regardless of where they are based.
Key requirements of the GDPR
The GDPR contains many requirements that differ significantly from the current Data Protection Directive. The main ones are the following:
– Accountability – Data controllers and data processors must implement the appropriate technical and organizational measures to ensure that the data is secure. They must also be able to demonstrate that they are compliant with the GDPR.
– Transparent practices – Data subjects have the right to know when their data is being processed. They also have the right to know who is processing their data and what the data is being used for. The GDPR requires that businesses be transparent about their data practices.
Rights for data subjects
The GDPR lists many rights for data subjects. These rights are designed to ensure that individuals have control over their personal data and that they can protect their privacy. The main rights for data subjects are the following:
– The right of access – Data subjects have the right to access their data and to know why their data is being processed.
– The right to rectification – Data subjects have the right to have their data corrected if it is inaccurate or incomplete.
– The right to be forgotten – Data subjects have the right to have their data deleted if there are no legitimate grounds for its continued processing.
– The right to restriction – Data subjects have the right to restrict the processing of their data under certain conditions.
– The right to data portability – Data subjects have the right to obtain their data in a machine-readable format and to transfer their data to another organization.
Penalties for non-compliance
The GDPR imposes strict penalties for non-compliance. The maximum administrative fine will be €20 million or 4% of annual global turnover, whichever is higher. The maximum fine for breach of privacy is €10 million or 2% of annual global turnover. More than 99% of businesses in Europe handle personal data in some form or another. If your business falls into this category, GDPR compliance is essential.
Conclusion
The General Data Protection Regulation is a new data protection law that will replace the Data Protection Directive 95/46/EC and is designed to protect the rights of individuals in the EU regarding their data. There are many differences between the GDPR and the Data Protection Directive, with the main ones being the following:
– Accountability – The GDPR requires organizations to be more accountable for their data practices.
– Transparency – Businesses have to be transparent about their data practices.
– Territoriality – The GDPR applies to all organizations that process the data of EU citizens, regardless of where they are based.
– Rights for data subjects – The GDPR lists many rights for data subjects, such as the right to be forgotten and the right to data portability.