What is the GDPR?
GDPR refers to the General Data Protection Regulation. What we see in general is that data gets lost, it gets stolen, and it even reaches people who should never have seen it. So how do we avoid all of this and more? GDPR seems to be the best solution. GDPR is a data protection regulation which aims to fortify data protection for people living within European Union nations. On 25th of May 2018, GDPR will become mandatory.
The main objectives of GDPR are:
- To offer people a higher level of control over their personal data
- To help safeguard personal data from the danger of loss
- To have uniform regulatory privacy as well as data requirements within the European Union.
All this seems to be extremely beneficial for individuals and minimizes the chances of data misuse. It has become fundamental for any organization which runs its business within the EU to fully understand and implement the overall design of GDPR. This new legislation has come as a blow to privacy invaders. As per the guidelines of GDPR, organizations will have to make certain that all types of personal data are collected according to legal rules and under stringent conditions. Those who are responsible for data collection and management will also be under an obligation to safeguard the data from any kind of misuse and exploitation. They have to respect the rights of the data owners. If they fail to do so, they will face penalties.
- GDPR is applicable to any company which runs within the EU.
- It is applicable to all organizations outside the EU which offer goods or services to users or businesses present within the EU.
So, any company, whether it directly operates within the EU or has any kind of business within the EU, will have to comply with GDPR guidelines, or be ready to face the consequences. There are basically two kinds of data handlers to whom this legislation is applicable: controllers and processors.
The definition of both of these is given in Article 4 of the General Data Protection Regulation. A controller is an individual, public authority, agency or any other body which, either alone or along with others, decides on the aims and ways of processing the personal data of any person. The processor, on the other hand, is a person, public agency, authority or any other body which processes the personal data of any individual on behalf of the controller. If you are currently subject to the UK’s Data Protection Act, for example, it’s likely you will have to look at GDPR compliance too. GDPR ultimately puts legal obligations on a processor to keep a record of an individual's personal data and how it is processed, leading to a much-elevated level of legal liability if any kind of privacy breach happens. Controllers need to make sure that all contracts with processors are in due observance of GDPR.
From when is GDPR applicable?
GDPR will be applicable to all European Union nations beginning from 25th May 2018. It is expected that all the member nations will have incorporated it into their national law by the 6th of May. GDPR received the approval of the European Parliament in April 2016. All the regulations mentioned in the directive were published in the official languages of the EU in May 2016.
Need for GDPR
In present times technology has penetrated every conceivable domain. Nobody could have predicted the reach of the Internet and smartphones. In fact, social media mobile apps like Facebook and Twitter have had worldwide implications for privacy. GDPR endorses a standardized data security law across the whole European Union. Every country which forms part of the EU will no longer have to create its own legislation with respect to data security; GDPR will serve as the main law. Nevertheless, EU countries can still exercise control over certain kinds of data, such as health data.
GDPR implications for the business community
GDPR seeks to establish one common law regarding privacy in EU member states. By doing so, the EU ensures that the reach of this legislation extends beyond the borders of Europe, because any international organization which is based outside the EU but has activity on ‘European soil’ will have to comply with it. The European Commission asserts that a common law will lead to simpler and cheaper means of conducting business, so in total the business community will end up saving 2.3 billion annually. This will also propel innovation and the creation of more business opportunities. Due to GDPR, data protection safeguards will be incorporated into products and services right from the beginning stages of development, thus offering ‘data protection by design’ in all new products which are yet to be launched. Techniques such as ‘pseudonymization’ will become common. The task of complying with this new data protection regulation falls upon businesses, organizations, and GDPR compliance software solutions.
GDPR implications for consumers/citizens
Due to a huge number of data breaches and hacks, security concerns regarding personal data have skyrocketed. Be it your email address, social security number, bank password or even private health records, everything has become open on the internet. One of the key things which GDPR will ensure is that consumers will obtain a right to know whether their personal data has been hacked. Organizations will have to notify the chosen national bodies if any hack happens so that EU citizens can take suitable measures to protect their data from any kind of misuse. So GDPR seems to be good legislation for EU citizens and consumers. Consumers will also have convenient access to their personal data and to the terms of how it is processed, in cases where organizations tell them that they require their personal data. So, the entire process will be totally transparent.