General Data Protection Regulation is the abbreviation for GDPR. Regulated in Europe by the European Union, GDPR is the major factor that needs to be considered for the data protection and privacy for all the users within in the European Union. When it is referred as European Union, it reflects on to the European Economic Area, applies to the enterprises registered within the European Union irrespective of the location and also the enterprises that has business ties with the companies or doing business within the European Economic Area (EEA).
Successor to the Data Protection Directive, GDPR allows individuals with more power to demand companies reveal or delete the personal data they hold; regulators will be able to work in concert across the EU for the first time, rather than having to launch separate actions in each jurisdiction; Maximum fine while failing to enforce GDPR compliance will reach over €20m or 4% of the company’s global turnover.
Who will be affected by GDPR?
Firms processing consumer data, for instance the technology firms and data providers will be the major ones who will be affected by the implementation of GDPR. The largest impact will be on the firms whose business strategy relies on collecting and exploiting user data.
Technology giants such as Facebook, Google and Apple have been affected big time by this. Recently, almost every technology giant broadcasted a new set of Terms and Conditions to all the users and even forced them to agree to it. A good example of this scenario was carried out by the Mark Zuckerberg led Facebook. It also went a step further by nudging them to opt in for the facial recognition technology.
What data will be protected under GDPR?
The two major rights under GDPR are the right of erasure, or the right to be forgotten. If a user doesn’t want their data out there, then they have the right to request for its removal or erasure. Another major right is the right of portability. “opt-in/opt-out” clauses will become mandatory.
GDPR requires full consent and justification. The following user data will be addressed and covered:
- Personally identifiable information, including names, addresses, date of births, social security numbers
- Web-based data, including user location, IP address, cookies, and RFID tags
- Health (HIPAA) and genetic data
- Biometric data
- Racial and/or ethnic data
- Political opinions
- Sexual orientation
Need for Data Protection Officer:
Companies which collect user data should appoint a data protection officer who regularly monitor individuals “on a large scale”, according to the GDPR legislation.
The sole purpose of data protection officer is to inform and advise the organisation about meeting GDPR requirements, and monitoring the compliance. They’ll also act as the data protection authority’s primary point of contact, and will be expected to cooperate with the authority.
GDPR has been active since 25th of May and an organization which hasn’t made itself complaint to GDPR should immediately contact a data protection officer.