GDPR – General Data Protection Regulation
What is GDPR?
GDPR stands for General Data Protection Regulation. The regulation was proposed by the European Commission and aims to protect the personal data and privacy of EU citizens for transactions that take place within EU member states.
The regulation strengthens and unifies the protection of users' data within the European Union (EU) and when that data is transmitted outside the EU. Agreement on the regulation was first announced in December 2015, and the European Parliament adopted the GDPR in April 2016. The deadline to comply with the regulation is 25 May 2018. It replaces the outdated Data Protection Directive from 1995. Companies that do not comply with the regulation face a heavy penalty.
The regulation applies to companies that collect data on EU citizens. These companies have to comply with these new, stricter rules to protect customers' data. The regulation is expected to set a new standard for customers' rights.
Types of personal data that GDPR protects:
- Biometric data
- Racial or ethnic data
- Basic identity information such as name, address, ID, etc.
- Health related data
- Data such as IP address, cookie data, location, etc.
- Sexual orientation
- Political opinions
Companies that come under the GDPR:
- Companies established in an EU country
- Companies not established in the EU but which process the personal data of EU residents
- Companies with more than 250 employees
- Companies with fewer than 250 employees whose data processing impacts the rights and freedoms of data subjects
Roles in GDPR:
GDPR defines several roles to ensure compliance is in place: the data controller, the data processor, the data protection officer (DPO), and the supervisory authority.
- Controller – The data controller is the person responsible for determining the purposes and means of processing personal data. The controller is accountable for taking action and demonstrating compliance with GDPR to the data subject and the supervisory authority.
- Processor – The data processor is the person who processes data on behalf of the controller. The processor is responsible for ensuring that the conditions specified in the Data Processing Agreement are met.
- Data Protection Officer (DPO) – The DPO is the person responsible for GDPR compliance. The DPO is an internal member of the company and is responsible for overseeing the strategies, approaches, and implementation of data protection.
- Supervisory Authority – This is a public authority in the EU responsible for monitoring compliance with GDPR. Its main responsibilities are to advise companies about the GDPR, address complaints from customers (data subjects), and conduct audits of GDPR compliance.
Benefits for the customer:
- Higher data security
- Control over their own data
- Right to be forgotten
- More effective Subject Access Requests
Benefits for Business:
- One market – one law (Unified law)
- The same law across the EU and in other countries that process EU residents' data
- No general registration requirement
Consequences for the company:
If a company that does not comply with GDPR is involved in a data breach, it has to face the following consequences:
- Fine of €10 million or 2% of global turnover
- Loss of reputation
- All the data breaches must be reported
- Loss of market share
- Loss of the company's goodwill
- Legal proceedings
- Financial loss