The General Data Protection Regulation (GDPR) is a regulation adopted by the European Parliament that came into effect on 25 May 2018. By stipulating how the data of European Union and European Economic Area residents must be protected, it applies to all organizations in member states, but also to organizations beyond them. The GDPR consists of 99 articles grouped into 11 chapters.
Why does it affect businesses outside the EU?
The reason the GDPR has such a wide impact is that, nowadays, businesses that operate only at the local level are becoming extinct. A simple website is a must-have for every organization, and merely by visiting it, people leave their “fingerprints” without even noticing. That is why the European Commission set out a plan for how to fit into the digital era.
Therefore, the GDPR applies to any organization operating within the EU, and to any organization outside the EU that offers goods or services to customers or businesses in the EU.
Why do we need to be GDPR compliant?
The GDPR gives companies a new set of rules for sharing personal data. Aiming to build trust between companies and users, the new regulation gives individuals more control over their personal data. A person whose data are processed is entitled to several rights:
- The right to be informed
- The right to access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Being GDPR compliant is good not only for data subjects but also for your company. You will improve data management and consumer confidence, and you can reduce maintenance costs and strengthen your organization’s disaster recovery and business continuity plans.
Does it provide enough protection?
Well, it is too early to judge whether the GDPR is all we need. It certainly lays a good foundation for protecting data on the internet. Companies that violate the law can be fined up to 4% of annual revenue, which will definitely be a strong motivation for companies to fulfill their obligations under the regulation. Unfortunately, data breaches are not rare. Data can be misused, lost or stolen by people or organizations with malicious intent. By stipulating huge fines, the GDPR encourages organizations that process personal data to take the necessary steps to ensure it is well protected.
The GDPR is only the start of the data protection framework. Upcoming regulations will complement the General Data Protection Regulation. In January 2017, the ePrivacy Regulation (Regulation on Privacy and Electronic Communications) was published as a proposal text; it aims to update the EU’s existing ePrivacy legal framework. It will be lex specialis to the GDPR, and in this fast-developing digital era we can expect many more.