In May this year, Europe’s data protection rules are expected to undergo their biggest changes in two decades with the introduction of the new GDPR. This regulation will change the way businesses and public sector organisations handle or process the personal data of individuals residing within the European Union. The following blog gives you a brief understanding of everything you need to know about GDPR, from its meaning and requirements to its challenges and deadlines.
What is GDPR?
The General Data Protection Regulation was developed by the EU to formulate the rights of its citizens with regard to their personal data. This regulation applies to every organisation and firm that processes or stores such data, irrespective of where they are located.
The new provisions of GDPR will be consistent across all twenty-eight EU member states, which means companies will have to meet just one standard within the EU. As this standard is quite high, companies are expected to make a large investment to conform to it and administer it.
According to an Ovum report, about two-thirds of companies in the US will need to rethink their strategy in Europe. The report also suggests that around 85% believe that GDPR will put them at a competitive disadvantage with companies in Europe.
How will the GDPR affect companies?
Listed below are the top five changes that GDPR will bring:
• Stricter consent requirements- This means a person’s consent for collecting and processing personal data will only be valid if it is given in a voluntary, specific, conscious and unequivocal way.
• Special rules for data protection of minors- If an individual has not completed 16 years of age, then along with his/her permission, the consent of a guardian or parent will be mandatory.
• An obligation to nominate a data protection officer- The company will have to employ a Data Protection Officer if it falls into any of the following categories:
a) Public sector company
b) Processing a large amount of data, i.e. 5000 individuals per year
c) Processing a special category of data
d) Employing more than 250 individuals
• An obligation to maintain a record of processing activities- Every company will have to keep a record of all personal data processing activities.
• An obligation to conduct data protection impact assessments- Companies will have to carry out an assessment of the impact of envisaged processes on the protection of personal data.
Which companies will the GDPR affect?
GDPR will have an impact on any company that stores or processes personal information about citizens of the EU and within the EU. The specific criteria for companies required to comply are:
• Presence in an EU country
• No presence in the EU, but the company processes personal data of individuals residing in the EU.
When will the GDPR apply?
GDPR will apply in all EU member states this year, on May 25th.
According to a snap survey of 170 cybersecurity staff by Imperva, most of the IT companies know about this legislation, less than are preparing for its arrival.
What type of data will be protected by GDPR?
• Basic identity information
• Web data
• Health and genetic information
• Biometric data
• Racial or ethnic data
• Political opinions
• Sexual orientation
Here is all that every company that does business in Europe needs to know about GDPR.
- Aleksejeva N, “Are you ready for the new General Data Protection Regulation?” Deloitte.Legal, available from: https://www2.deloitte.com/content/dam/Deloitte/ee/Documents/about-deloitte/Are%20you%20ready%20for%20the%20new%20General%20Data%20Protection%20Regulation%20-%20Natalia%20Aleksejeva.pdf [accessed January 2018]