GDPR: GDPR stands for the General Data Protection Regulation, a new set of rules that came into effect on May 25. The GDPR is a piece of EU legislation passed by the European Parliament in 2016.
It aims to make it simpler for people to control how companies use their personal details. Companies will not be allowed to collect and use personal information without the person’s consent.
Personal data includes things like a person’s name, email address and phone number, and also internet browsing habits collected by website cookies.
Key areas of the legislation cover privacy rights, data security, data control, and governance. The good news is that the law will be pretty much identical in all 28 EU member states, meaning companies only have to comply with one standard. However, the bar is set high and wide, forcing most companies to invest considerable resources into becoming compliant.
Failure to comply with GDPR could result in GDPR fines and penalties. If a company is found guilty of a data protection breach that compromises an EU citizen’s personal data, the penalty could be up to 20 million euros or four percent of an enterprise’s worldwide revenue, whichever is higher. Putting that into perspective: a large enterprise could be fined hundreds of millions of euros for a single privacy breach.
General Data Protection Regulation (GDPR) proposed by the European Commission will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU.
GDPR Compliance Requirements
This EU compliance regulation will have a far-reaching impact on organizations throughout the world.
If your organization suffers a data breach, under the new EU compliance standard, the following may apply depending on the severity of the breach:
- Your organization must notify the local data protection authority within 72 hours of identifying the breach, and potentially also the owners of the breached records
- Your organization could be fined up to 4% of global turnover or €20 million
However, GDPR does provide exceptions based on whether the appropriate security controls are deployed within the organization. For example, a breached organization that has rendered the data unreadable through encryption, so that no unauthorized person can access it, is not mandated to notify the affected record owners.