The General Data Protection Regulation (GDPR) came into existence in April 2014 under EU law. It is a regulation on data protection and privacy for all people within the European Union and the European Economic Area, and it also extends to the export of personal data outside the EU and EEA. Here we will talk about how the GDPR affects individuals and businesses.
What is it about?
The aim of this regulation is to give residents and citizens control over their personal data. It also simplifies the regulatory environment for international business by unifying regulation within the EU, so that businesses and citizens can benefit from the digital economy.
Our lives today are largely dependent on data. Almost all aspects of our lives and the services that we use involve analysis of our personal information. Organizations collect, analyze, and store our name, address, credit card number, and more.
What is meant by GDPR compliance and who does it apply to?
Data breaches have become very common. A lot of personal information is lost, and sometimes it ends up with people who were never intended to see it. Under the GDPR, organizations will have to ensure that data is collected legally and under strict conditions. The authorities collecting data will also have to make sure that the collected data is not misused or exploited. The rights of the data owners will have to be protected, and failure to do so will result in penalties.
Any organization that operates within the EU comes under the scope of GDPR. It also applies to any organization outside of the EU that offers goods and services to individuals or businesses in the EU. This means every major corporation in the world needs to be ready for GDPR compliance.
What is considered personal data under the GDPR?
Name, address, and photos are considered personal data under the present legislation. The GDPR extends the scope to include IP addresses, genetic data, and biometric data that can uniquely identify an individual. The regulation is applicable across the EU from 25 May 2018.
GDPR and its importance for businesses
The regulation is expected to benefit businesses, as having a single supervisory authority across the EU will make it cheaper for them to operate within the region. The European Commission claims that it will save €2.3 billion across Europe every year.
GDPR for consumers
Under the GDPR, consumers will have the right to know when their data has been hacked. The concerned authorities will be notified immediately so that citizens can take appropriate action to prevent misuse of the data. Further, consumers will have easier access to their personal data and can find out how it is being processed. Consumer consent will be important before their information can be used. People can also have their data deleted when it is no longer needed.
Breach notification and penalties for non-compliance
Under the GDPR, organizations will need to report certain types of data breaches to the relevant authority where there has been unauthorized access to, or loss of, personal data. Organizations are obliged to report any kind of breach that can put the rights and freedoms of individuals at risk or lead to reputational damage, financial loss, discrimination, or any other kind of disadvantage. The breach needs to be reported to the relevant authority within 72 hours of the organization becoming aware of it.
Failure to comply with the GDPR can result in fines and penalties. The fines can range from 10 million euros to 4% of the company's annual turnover. The amount of the fine will depend on the severity of the breach.
The Bottom Line
The GDPR came into force on 25 May 2018, and in the days leading up to it, companies sent emails asking people to review their new privacy policies. At Mark Space Media, we take GDPR compliance very seriously. We understand that it is important to obtain consent from prospects before sending them information.