
GDPR: A big transformation in how companies and businesses handle personal data

The GDPR, or General Data Protection Regulation, came into force on May 25th, 2018, bringing greater protection to your personal data and information.

GDPR is the new EU data protection law which replaces the Data Protection Directive. The new law is an improvement on the earlier law, which has become outdated in this increasingly digital era. It imposes strict guidelines on how businesses collect, process, store and handle the personal data of their customers, thereby giving users or customers more control over their personal data and better protection, and preventing firms from misusing the data. The framework of the GDPR is built on the concept of “Privacy by Design and Default”, wherein the firm must have safeguards for privacy and protection of data from the early stages of product development.

Under the GDPR, firms that fail to comply with it may be liable to hefty penalties and/or legal action. These fines can be as high as 20 million Euros or 4% of the firm’s annual global turnover, whichever is higher.

The GDPR sets a high standard for consent. Consent gives individuals a choice and control over their data. An indication of consent needs to be clear and must involve the individual opting into it (pre-ticked opt-in boxes are banned). The GDPR also states that an individual must be able to withdraw consent as easily as he/she is able to give it.

Here are some more major guidelines of the GDPR (in a nutshell! The full Regulation has close to 100 Articles!):

  • In case of any data breach, firms must report it to the supervisory authority within 72 hours of identifying the breach
  • Any firm with more than 250 employees must document their processing activities
  • Any company that accesses or uses high amounts of personal information must have a data protection officer
  • A company must have permission from you in order to collect your personal information
  • Firms can retain personal data only to serve the necessary purpose for which the data is collected
  • You can get all the information of your personal data for free from any company that has it
  • There are strict restrictions on the transfer of data outside the EU

In this digital era, where so much of what businesses do is dependent on data, we will be hard-pressed to find an organization that is not affected by the new regulation. As far as data security goes, it is indeed the dawn of a new era.