GDPR is a brand new EU regulation that comes into full effect on May 25th of this year. As a replacement for the original Data Protection Directive, established in 1995, it’s an innovative piece of legislation in a number of ways. At its core, it aims to help protect and empower all EU citizens to better control their personal data.
With solid common standards for data protection, people can be sure they are in control of their personal information. And they can enjoy all the services and opportunities of a Digital Single Market – Andrus Ansip, VP for the Digital Single Market
As well as aiding citizens, it will also help enable the police and the criminal justice sector to protect witnesses, suspects and victims. However, perhaps the most significant change will be the way the General Data Protection Regulation will undoubtedly reshape the way organisations across the region approach data privacy.
As one of the most significant data privacy regulation changes in 20 years, it’s important all businesses are in the loop when it comes to GDPR – here’s what you need to know:
GDPR is a dramatic shakeup and a clear response to the data-driven world we all live in. As citizens with online personal data, we all need and expect extra protection online. However, the EU is clear that it benefits both newly empowered online citizens and businesses who deal with personal data online. They want it to be seen as a collective and transparent step forward for all:
Citizens and businesses will profit from clear rules that are fit for the digital age […] that give strong protection and at the same time create opportunities and encourage innovation – Věra Jourová, Commissioner for Justice, Consumers and Gender Equality
Huge improvements have been made to major regulatory policies, including the intricacies of consent online and how we draw digital geographical parameters. Let’s see what’s changed:
There are two tiers of administrative fines that can be levied:
The maximum fine will be incurred if serious infringements have occurred, e.g. not having proper customer consent to process data. Here’s further information on all the GDPR penalties and how businesses can incur them.
To strengthen the conditions for consent, companies will no longer be able to use long, illegible terms and conditions full of technical language.
*What’s ironic about the GDPR directive itself is that it’s heavily steeped in confusing jargon of its own. Here’s a handy jargon-buster to help you.
There really is nothing worse than a cyber-attack that comes out of nowhere. However, the only thing that might trump this is when a personal data breach is concealed from us by businesses and corporations. Under GDPR this is changing:
Privacy by Design has been a long-standing concept but is only now becoming part of the legal requirements of the new General Data Protection Regulation.
Want to read the whole thing for yourself? Here’s access to the full version of GDPR.