What is GDPR Compliance – General Data Protection Regulation?
The long-standing question of what the internet giants Google and Facebook hold about you, what they do with it, and who else uses that data has never been answered directly. Even the answer to a simple question like ‘Why am I being shown this ad?’ has always been vague.
The General Data Protection Regulation (GDPR) shifts this balance of power towards the digital consumer from May 25, 2018, the date it becomes enforceable.
In January 2012, when the European Commission set out its plans to make Europe fit for the digital age, reform of data protection across the European Union was the most pressing need. After four years of negotiation, agreement was reached and the GDPR was adopted on April 27, 2016, repealing the EU Data Protection Directive of 1995 (Directive 95/46/EC).
Unlike the 1995 Directive, the GDPR is a regulation: it is directly applicable and binding in every Member State, and national governments do not have to pass implementing legislation for it to take effect.
What is GDPR Compliance – General Data Protection Regulation?
The GDPR puts regulatory teeth into Europe’s long-running data protection reform, governing the use and privacy of individuals’ data within the European Union. The shift is unprecedented: organisations are accountable for the personal data they collect or process and must be able to show a lawful basis, such as the individual’s consent, for doing so. At its core, it gives people in the EU back control over the collection and use of their personal data.
- For Individuals:
It brings a new era to the European Union in which citizens and residents have control over their personal information. It requires that users understand, and consent to, the collection of their information. Further, users have the right to access the data that companies hold about them.
The GDPR establishes ‘digital rights’ for individuals in Europe at a time when personal data carries real economic value.
- For Companies:
The GDPR extends its scope beyond the EU to organisations in other countries that use or process the personal data of people in the EU.
Under the GDPR, companies must be transparent about which personal data they collect (email addresses, IP addresses, phone numbers, cookie identifiers, and so on) and what they use it for. They must protect the personal data of people in the EU appropriately or face substantial fines: up to €20 million or 4% of worldwide annual turnover, whichever is higher.
Why was GDPR Compliance – General Data Protection Regulation introduced?
RSA surveyed over 75,000 digital consumers from Italy, the UK, France, Germany and the US. 80% of them were concerned about losing banking and financial data, and 75% were concerned about losing security and identity information such as driving licence numbers, passwords and passports. Findings like these underline the urgency of data protection regulation.
Which companies does the GDPR affect?
Companies meeting any of the following criteria fall under the GDPR (a regulation, not a directive):
- Companies established in the EU
- Companies established outside the EU that process the personal data of people in the EU
- Companies of any size: the 250-employee threshold in Article 30 only relaxes the record-keeping obligation for smaller organisations; it does not exempt them from the Regulation
What is the Deadline for the company to be in compliance?
Organisations must be compliant by May 25, 2018, when the Regulation becomes enforceable.
What is the Scope of GDPR Compliance – General Data Protection Regulation?
- The GDPR applies to any user, organisation, agency, service provider or website established in the EU that collects or processes personal data, and to any that collects personal data from EU residents.
- The GDPR also applies to organisations based outside the EU that collect, process or use the personal data of EU residents, where that processing relates to offering them goods or services or to monitoring their behaviour.
- The GDPR does not apply to national security activities or to law enforcement processing.
- Many industry groups have raised concerns about legal conflicts if they are subject to a third country’s law enforcement and are ordered to disclose the personal data of people in the EU. Article 48 of the GDPR addresses this: a judgment of a court or a decision of an administrative authority of a third country requiring such disclosure is only recognised or enforceable if it is based on an international agreement, such as a mutual legal assistance treaty, in force between that third country and the EU or a Member State.
- Processing by police and criminal justice authorities is instead governed by a separate instrument adopted alongside the GDPR, the Law Enforcement Directive (Directive (EU) 2016/680), which covers exchanges of personal data between national, European and international authorities.
Personal data is any information relating to an identified or identifiable individual, whether in their private, public or professional life: a name, photograph, cookie identifier, address, email address, bank details, social media posts, IP address, medical information, and so on.
Single Set of Rules
The GDPR applies a single set of rules across all European Union Member States. Each Member State provides one or more independent supervisory authorities (SAs) to enforce it. These SAs are responsible for investigating complaints, imposing administrative fines, and so on. SAs are also required to cooperate with one another, carrying out joint operations and providing mutual assistance.
If an organisation has establishments in more than one Member State, a single SA, the lead supervisory authority, is in charge of its cross-border processing. The lead authority is the SA of the Member State in which the organisation’s main establishment is located, normally its central administration in the EU or, failing that, the establishment where decisions on the purposes and means of processing are taken.
The GDPR covers the European Union’s 28 member countries. It applies to digital publishers, schools, universities, SMEs, Fortune 500 companies, tech giants, banks, ad-tech companies and others alike.
For example, if a social network user asks for photos they posted as a minor to be deleted, the social network must comply and must take reasonable steps to inform search engines and other sites that are using those photos that the user has requested their removal.
Further, stricter conditions now apply to the collection of special categories of personal data, such as racial or ethnic origin, religious beliefs, political opinions, health data and sexual orientation.
The GDPR has already prompted tech giants like Google and Facebook to change their data collection and processing practices. In June 2017, Google announced that it would stop scanning users’ email in order to show personalised ads, and in September 2017 it redesigned its privacy dashboard to be more user-friendly. Facebook announced a privacy dashboard of its own in January 2018. Although the GDPR only reaches data about people in the EU, it is usually easier for a global company to make such changes everywhere than to maintain separate systems for different regions.