The General Data Protection Regulation is a new European Union regulation which aims to protect personal data. The law came into effect on 28 May 2018, and you need to know the basics of it if you handle any data. There are a number of basic facts that you need to be aware of in regard to GDPR.
GDPR applies to every organization that serves citizens of the European Union. This means that if your company is located outside of the EU, you will still have to comply with GDPR. Additionally, the size of your business or operation does not matter; you will have to comply with the regulation regardless.
When looking at GDPR, you need to know what it classifies as personal data. According to the regulation, this is any information about a person, whether private, professional or public in nature. This includes names, emails, bank details, IP addresses and medical information. Social media posts and photographs are also considered to be personal data within this regulation.
The driving force behind this regulation was to stop companies from making unfair decisions based on algorithms. While algorithmic decisions were believed to be fairer because human bias was removed, they are also seen as lacking compassion. The practice has since been criticized for discriminating excessively on the basis of certain items of data.
The Deletion Of Data
When the regulation came into effect, it gave all citizens of the EU the right to request that companies delete their personal data. The regulation does not only cover the citizen's right to request deletion; it also states that companies have a legal obligation to delete data in certain situations. If the purpose for which the data was collected is no longer relevant, the company will have to delete all of the information it has gathered. All data which was previously collected without clear and informed consent will also need to be deleted.
The Rules And Penalties
As with all regulations, there are specific rules and penalties that you need to know about. If you run a larger company, you will have to employ a designated data protection officer. Depending on the size of your operation, you might have to employ multiple officers. If you suffer a data breach, you are also legally obligated to inform the supervisory authority in your location, as well as all the individuals whose data was stolen or compromised.
If you are found to be in breach of GDPR, there are tough penalties. A company could be hit with a fine of €10 million or 2% of the annual turnover. If the case is more serious, the penalties will double. Details of the penalties that repeat offenders will face have not been fully released.
GDPR has come into effect, and you need to ensure that your business is compliant if you have any dealings with citizens of the European Union. Depending on the size of your company and operation, you will need to hire a designated data protection officer. You also need to ensure that you comply with the whole legal framework that has been set out.