The initials GDPR stand for the General Data Protection Regulations which are regulations in the European Union concerned with data protection measures and privacy assurance for all individuals that inhabit the European Union or the larger European Economic Network. It also stands against the exportation or sharing of personal and private data outside the EU or EEN region.

The main motivation towards the creation of these regulations is to give individual citizens power and control over their own personal data and to enhance the environment for international business by ensuring it is accepted in unity in the European Union.
Following the direct precedence from the Data Protective directive, the regulations were made to contain requirements and guidelines dealing with the processing of personal identifier info of persons inside the European Union region.

It is applicable to all institutions, enterprises and individuals regardless of their physical location, that conducts their business in the European Economic Network at large. This meant that any process in business that handled vital private information on individuals had to be designed with the data protection in design and also by default that is data was to be stored using pseudos’ and anonymisation which ensures the data is least accessible to the public without authorized access by the use of the highest possible privacy settings and it also makes sure that no one subject can be identified solely from the pseudos unless any additional information was stored.

Processing of any data may not be possible unless done under specification from the regulation on a lawful basis or if the data processing mechanism-device or personnel-has received explicit authorization from the data owner. The data owner has the ability to declare whether or not and how data personal to him/her can be used or accessed and as well the power to revoke this very permission at any one time.

Any data collection, declaration of the lawful basis and purpose of processing individual data and how long specifically the data is to be kept and whether or not it is being shared outside the boundaries of the European Union has to be declared by the processor of these personal data.

Any user is however allowed under the law to request a copy of the data collected and to have it done away with at any one time or under any circumstances. The General Data Protection Regulations clearly protects these rights. As for larger organisations such as public authorities or businesses whose basic activities are revolved around the processing of personal data either systematically or regularly, are required to employ an individual who will be in charge of managing the compliance of the given organisation with the GDPR, this is the data protection officer.

As a security measure and to protect user’s rights to privacy, any breaches or abnormalities are required to be reported within 72 hours of first identification if they may have an effect on the victim’s right to privacy.

Because the General Data Protection regulations is a regulation and not a commanding directive, it is not dependent on any change or creation of legislative laws by any national governments and is directly applicable and binding.

Leave a Reply

Your email address will not be published. Required fields are marked *