Before talking about ‘What is GDPR (General Data Protection Regulation)?’, I first want to share some information about ‘data’.
We have tried our best to make this post as simple and interesting as possible for YOU. So relax; after reading this post you will have a good understanding of GDPR.
So let’s start the journey…
As we all know, in this modern world we are surrounded by data all the time: lots of data, limitless data, and every single second you, I and everyone else generate more of it. I am sure two questions have arisen in your intelligent brain: first, what type of data is it and what does it contain; and second, if all this data is limitless, how is it managed and where is it?
Don’t worry guys 😉
Here we are to help you understand everything about GDPR.
In this article we will address the first question and leave the second for another day. In this post we throw some light on: What Is GDPR?
Everything You Need To Know About- What Is GDPR?
Almost every aspect of our lives revolves around data, and most of it is our personal data: our name, address, credit card number and more. Every service we use involves the collection and analysis of our personal data, and perhaps most importantly, it is stored by organizations and companies.
The important thing is that it may or may not be used (or misused) without your permission, or may be handed over to someone who can harm you in different ways.
It is a matter of concern for your privacy and protection.
To take care of your privacy and protection, the European Parliament and the Council of the European Union implemented a regulation for the protection of your data. This regulation is the GDPR, the General Data Protection Regulation.
What Is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU (European Union) law implemented on 25 May 2018, replacing the 1995 Data Protection Directive, on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). This regulation is a new set of rules designed to protect the personal data and privacy of EU citizens and give citizens and residents more control over their personal data.
In simple words: the European Parliament adopted the new set of rules (GDPR) on 14 April 2016 and implemented them on 25 May 2018, replacing an outdated data protection directive from 1995, to give citizens of the European Union (EU) and the European Economic Area (EEA) more control over their personal data. It also simplifies the regulatory environment for business, so that both citizens and businesses in the EU can fully benefit from the digital economy while personal data and privacy are protected for transactions that occur within EU member states.
The Primary Objectives Of GDPR
1. To give citizens back control of their personal data.
2. Individuals now have more power to demand that companies reveal or delete the personal data they hold.
3. For the first time, regulators will be able to work in concert across the European Union.
4. The maximum fine now reaches the higher of €20m (£17.5m) or 4% of the company’s global turnover.
What is GDPR Compliance?
Data or information gets lost, stolen or handed to people who were never intended to see it, and those people may have malicious intent.
Under the terms of GDPR, all organizations that collect and manage data are required to take care of all personal data and respect the rights of data owners. They also have to ensure that personal data is gathered legally and under strict conditions, and they are obliged to protect it from misuse and exploitation; otherwise they face penalties for not doing so.
The main purpose of the GDPR is to introduce a uniform data protection law across all EU members, so that each member no longer needs to write its own data protection laws and the rules are consistent across the entire EU.
It is important to note that any company or organization that markets goods or services to European Union residents, regardless of its location, is subject to the regulation.
As a result, GDPR has an impact on data protection requirements globally.
For you as a data owner, what ‘compliance requirements’ should there be?
Have a look at the GDPR compliance requirements and see how fair they are for you.
GDPR Compliance Requirements
Security requirements can be grouped along the following themes:
- Data Control
- Data Security
- Right to Erasure
- Risk Mitigation and Due Diligence
- Breach Notification
The GDPR contains 11 chapters and 91 articles. Some of the most important chapters and articles are listed below:
Articles 17 & 18 GDPR – Right to portability and right to erasure:
The GDPR gives data owners more control over personal data that is processed automatically. Owners can easily transfer their personal data between service providers, and under certain circumstances data owners may direct a controller to erase their personal data.
Articles 23 & 30 GDPR –
Organizations must implement appropriate data protection measures to protect consumers’ personal data and privacy against breach, loss, and exposure.
Articles 31 & 32 GDPR –
Article 31 – requirements for single data breaches: controllers must inform Supervisory Authorities (SAs) of a personal data breach within 72 hours of learning of the breach, providing the specific details of the breach, i.e. the nature of the breach and the approximate number of data subjects affected.
Article 32 – data controllers must inform data owners as quickly as possible of breaches or loss when the breach places the rights and freedoms of data owners at high risk.
If an organization that stores your data suffers a data breach, then under the new EU compliance standard the following conditions may apply depending upon the severity of the breach: the organization must inform the local data protection authority and the owners of the breached data.
GDPR also provides exceptions if appropriate security controls are deployed within the organization. For example, a breached organization that has rendered the records unintelligible, through encryption, to any person who is not authorized to access the data is not required to inform the affected record owners.
If the organization is able to demonstrate that a “secure breach” has taken place, then the chances of being fined are reduced.
Article 35 GDPR
Organizations and companies must appoint data protection officers, specifically those companies that process data revealing a subject’s genetic data, health, racial or ethnic origin, religious beliefs, etc. These officers advise the organization about compliance with the regulation and act as a point of contact with SAs. Some companies collect personal information about their employees, so they are subject to this aspect of the GDPR.
Articles 36 & 37 GDPR
The data protection officer ensures GDPR compliance as well as reporting to Supervisory Authorities and data owners.
Article 45 GDPR
Data protection requirements extend globally: international companies that collect or process EU citizens’ personal data are subject to the same requirements and penalties as EU-based companies.
Article 79 GDPR
The penalties for GDPR non-compliance can be up to 4% of the violating company’s global turnover or €20 million, depending on the nature of the violation.
This is fair enough, isn’t it?
Yes, we all know that ‘prevention is better than cure’; it would be better for you if companies did not misuse your personal data and protected it wisely. But breaches happen, and now you have more power in your hands.
Types of Privacy Data Protected by GDPR
- Identifying data such as name, address and phone numbers
- Location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
What Does GDPR Mean To Me?
You, as a data owner, have the power to hold companies to account as never before:
- Withholding consent for certain uses of your personal data.
- Requesting access to your personal data from data brokers.
- Deleting your information from sites altogether.
It could have a seismic effect on the data industry if every individual begins to take advantage of GDPR.
Europe is a big market for Indian IT companies and is estimated to be a $45-billion potential outsourcing opportunity for Indian technology vendors. All companies, including Europe-headquartered companies such as Nestlé, Unilever, Nokia and others, must comply with GDPR. These companies also have development centers in India, which access the data of global customers, so they too would have to comply with and meet the GDPR requirements.
Best Practices For GDPR Compliance
All organizations must be well aware of GDPR requirements and comply by 25 May 2018.
It is now a must for all companies and organizations to appoint a data protection officer to build a data protection program that meets the GDPR requirements.
Complying with GDPR requirements benefits businesses by gaining the trust of customers and avoiding costly penalties.
GDPR applies to all businesses marketing services and/or goods to EU citizens.
For more details please go through:
Conclusion: What Is GDPR?
Hopefully you have understood this important article, and most importantly you now have the right information about the privacy and protection of YOUR personal data. So now you can use your power wisely and keep your rights and freedoms without risk.
Is GDPR fair to you? Share your views in the comment section.
We hope this post suits your purpose well and helps you understand “What Is GDPR”. If you find this post helpful, kindly share it on all the trending social media platforms like Facebook, Twitter and LinkedIn.