The GDPR, or General Data Protection Regulation, began to apply on May 25th, 2018, bringing greater protection to personal data.
GDPR is the EU data protection law that replaces the Data Protection Directive (Directive 95/46/EC). It updates the earlier law, which had become outdated in an increasingly digital era. The Regulation imposes strict requirements on how businesses collect, process, store and handle the personal data of their customers, giving individuals more control over their personal data and better protection, and preventing firms from misusing that data. The framework of the GDPR is built on the concept of “Privacy by Design and Default”: the firm must build safeguards for privacy and data protection into a product from the earliest stages of its development, and the most privacy-protective settings must apply by default.
Under the GDPR, firms that fail to comply may be liable to heavy penalties and/or legal action. Administrative fines can be as high as 20 million Euros or 4% of the firm’s annual global turnover for the preceding financial year, whichever is higher.
The GDPR sets a high standard for consent. Consent gives individuals a choice and control over their data. An indication of consent must be clear and must involve the individual actively opting in (pre-ticked opt-in boxes and silence do not count as consent). The GDPR also states that an individual must be able to withdraw consent as easily as they gave it.
Here are some more major requirements of the GDPR, in a nutshell (the full Regulation has 99 Articles):
In this digital era, where so much of what businesses do depends on data, we will be hard-pressed to find an organization that is not affected by the Regulation. As far as data security goes, it is indeed the dawn of a new era.