The General Data Protection Regulation (GDPR) is the regulation through which the European Parliament, European Commission, and Council of the European Union intend to unify and strengthen data protection for persons within the European Union. It also addresses the transfer of personal data outside the EU.
The GDPR aims to bring together EU regulation to simplify the regulatory environment for international business. It also gives residents control over their data.
The new data protection regulation replaced the 1995 EU Data Protection Directive. This harmonized and modernized regulation applies to all entities, even those outside Europe, that monitor and process the personal data of EU citizens, and mandates specific provisions and protections for them. The cost of non-compliance is significant: a penalty of 4 percent of total global turnover or a €20 million fine.
GDPR requires a company handling personal data of EU residents to meet the new obligations that involve:
- Data subject consent
- Breach notification
- Data anonymization
- Appointment of data protection officers
- Trans-border data transfers
Companies that store data in the cloud will face stronger restrictions on how they access and use information under the new regulation. EU residents, on the other hand, will gain several rights over their personal data. Outlined below are six GDPR changes:
1. Personal Data Definition is Stricter
Personal data is a broad term covering many types of information. For instance, a firm that monitors and stores an individual's IP address is holding personal data. After the introduction of the General Data Protection Regulation, companies must define the types of personal data they gather and store.
2. Data Minimization Principles
GDPR requires international firms to collect only the data they need and to keep it in their systems for the shortest time possible. Once personal data has served its purpose, the company should delete it as quickly as it can. These provisions are especially relevant to marketing units, which typically collect and store large volumes of client data to support targeting and outreach efforts.
3. Enhanced Individuals’ Rights
Under the regulation, persons will enjoy more privileges regarding their data, including:
- The right to 'be forgotten': gives you the power to ask a former employer to delete or remove personal information from the organization's systems or records.
- The right to 'data portability': gives you the right to download any stored personal details in a readable format from any machine, and to request that your personal information be shared with other organizations.
- You can also ask for incorrect data to be corrected.
4. Data Breach Notification
The General Data Protection Regulation requires worldwide firms to report data breaches to the appropriate authorities within three days of the incident. The company should analyze the incident promptly and monitor it closely while reporting to the relevant authority. Authorities need the details to help affected parties mitigate the risks arising from the breach of personal data. Attacks on personal information are common, even at global organizations, so it is critical for an entity to develop a formal plan for handling such incidents. Cyber-attacks are a threat to company information.
5. Increased Accountability
The GDPR contains various governance rules. It sets out the terms an organization should follow when appointing a Data Protection Officer (DPO). The DPO conducts routine privacy assessments for the company to determine the impact of a new application, and alerts the relevant authorities and any individuals affected by a data breach.
6. Stricter Consent Procedures
The new rules require global organizations to obtain informed and explicit consent from individuals before storing or processing their information; consent must never be assumed. Failure to respond to a question cannot be treated as consent. Every request a company makes to an individual for permission to collect, process, and store personal details must be presented clearly (https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-1-data-security-and-breach-notification/). Furthermore, once acquired, consent must be recorded within the entity for future reference.
The General Data Protection Regulation aims to safeguard personal information. The legal framework takes effect on 25 May 2018, leaving global firms limited time to put appropriate technological measures in place. An organization that fails to meet the compliance requirements will incur the non-compliance penalty. The new regulation applies to every entity anywhere in the world that monitors or processes the personal information of EU citizens.