The General Data Protection Regulation (GDPR) is the regulatory framework created by the European Union (EU) to protect the personal data of citizens of the EU and its member states. The law came into effect on 28 May 2018 as the EU-wide standard for the privacy and protection of EU citizens' personal data.
The digital age has blurred the barriers between countries. Companies that collect data can be located or headquartered anywhere in the world and still have users from EU member nations. Thus, the impact of these regulations can be seen well beyond Europe.
GDPR aims at a more consistent way of protecting the personal and consumer data of the people of EU nations. It puts control of people's personal data in their own hands. It sets out major requirements that every organization collecting this data must meet in order to comply.
Some of the requirements are:
- Obtaining consent before collecting any personal or consumer data from a citizen.
- Making the data unidentifiable to protect the privacy of the citizen.
- Notification of any data breach.
- Safe processing of data that is to be transferred across national borders.
- An officer to oversee GDPR compliance within the organization.
One of the law's main purposes is to remove the need for different laws in different EU states. One common standard for all companies across member states simplifies compliance for businesses and privacy protection for users. It is simpler and cheaper for businesses, and easier for citizens to protect their data and share it with consent.
Because the law is mandatory for all businesses collecting EU citizens' data, whether inside or outside the EU, its reach is international. Even an organization with no presence within the EU must comply with the regulations if it processes the data of EU citizens. The law therefore takes all multinational organizations within its purview and has effect worldwide.
The primary benefit of GDPR is that no personal data will be collected or shared unless the person explicitly agrees to it. People also have the option to opt out if they do not want to accept the conditions of a service they already use. Personal data includes basic information such as name, address, and photos, as well as IP addresses and genetic or biometric data. GDPR also requires that user data be made unidentifiable to protect users' safety, so that sensitive data does not fall into the hands of unauthorized people, preventing its misuse.
Under the law, organizations must notify users if their data has been breached and must notify the legal authorities about the safety of personal and consumer data. Breach notifications must also be sent to users about data that can affect their privacy and safety. Notification must be made within 72 hours of the data breach, placing accountability on companies for the security of the data.
To give the law teeth, failure to comply with GDPR can be penalized with 4% of worldwide turnover or a fine ranging from 10 million to a maximum of 20 million euros, whichever is greater, for not handling data carefully, not reporting a breach, transferring data internationally without authorization, or failing to design systems that protect and store data carefully. There is also provision for greater fines according to the amount of data the organization mishandled.
Many people, firms, and organizations are confused about GDPR compliance and end up paying fines. To help prevent this, GDPR itself requires the company to appoint an officer responsible for its compliance.
Companies can take a few simple steps to ensure that they are GDPR compliant. Nearly all organizations around the world are affected by GDPR. If your organization is affected but does not understand the regulation, you can contact a larger organization that has already managed to comply; they can help you understand it and avoid such situations. Check whether your website complies with GDPR, because it often happens that certain cookies, a plugin, or the site itself collects data in a manner that is not compliant. Reading the official GDPR document is another way to understand and interpret the regulation, since everything you need to know is written there in precise legal language that cannot be repudiated later.
In the new age, data is the most sought-after currency. Such laws are much needed to protect people's privacy and to prevent tech giants from monopolizing data and using it for profiteering.