Subscribe to our Youtube Channel ☞ Click Here
May 24, 2018
The advancement of technology has made our routine office work much easier. But at the same time, dependence on software brings the threat to data privacy and security. We come across many people who complain about the theft of personal data.
If we look around, our life revolves round variety of data. Think about financial institutions, educational institutes, government organizations, online shopping portals, social media, etc. Wherever you want to take services, you have to provide some or other type of personal data. It can be anything ranging from your personal details, contact details or credit card details. This data once collected is stored with these organizations for retrieval in future transactions and sometimes for data analysis. Now the question arises, is your data safe with these organizations? If you think no, will you stop using those services where such kind of data is to be provided? Even if you don’t care, you can’t close your ears when you come across news of data leaks happening around.
In view of data protection and security, European Union has come up with General Data Protection Regulation abbreviated as GDPR. You might have heard about this term earlier; let us have a walk-through on GDPR with some more detailing.
GDPR at a Glance
- What: GDPR is a regulation to strengthen data protection for individuals.
- When: It will be into effect in May 2018.
- For Whom: It will be applicable to companies in European Union along with those who have their operations and customers in EU.
- Why: GDPR will allow consumers to have control on their data.
- Consequences: In case of breach of GDPR rules, the fines are upto 4 percent of total global turnover of the defaulters.
What is GDPR?
GDPR i.e. General Data Protection Regulation is agreed upon by the European Parliament and Council in April 2016 to replace the Data Protection Directive 95/46/ec in May 2018. European Union’s GDPR was brought in as a key component of data protection reform with the intention to ensure application of identical data protection laws in every country within the EU.
Essentially, GDPR is a new set of rules formulated to let EU members have more control over their personal data. In simple words, GDPR’s objective is to provide a smooth regulatory environment to businesses in EU by taking full advantage of digital economy. This is going to be the primary law to govern the way companies will protect EU member’s personal data. The companies which are already following the rules must see that they are complying to the new requirements of GDPR before it becomes effective from May 25, 2018. This is necessary to avoid the bitter taste of penalties for companies which fail to achieve GDPR compliance before the deadline.
From When GDPR will be Applicable?
GDPR will come in effect from May 25, 2018 effectively replacing the Data Protection Act 1998 across entire European Union to standardize the use of data in business. The efforts for standardized regulations started back in 2012 anticipating the possibilities of breach of consumers’ data. The European Commission in 2012 agreed to the need of making Europe equipped with proper laws in the digital age. With around four years of planning and consideration, GDPR got approval in April 2016 followed by the regulatory directives published in May 2016.
Who will be Affected by GDPR?
GDPR applies to all data handlers whether they are controllers or processors. Controller can be any entity in the form of a company, person or a public authority who controls the collection and handling of data, while processor is any entity which processes the data on behalf of a controller. So, all entities which either collect or process any personal data of consumers will be affected by GDPR. The controllers and processors outside the EU have also to abide by the rules as long as they are dealing with data belonging to EU members. Controllers have to strictly make sure that any personal data collected is processed transparently in accordance with the laws with a clear and definite purpose. Additionally, it’s their responsibility to delete the data once their purpose is served.
Why is GDPR Required?
In order to protect digital data from unauthorized access or abusive actions, data security is required irrespective of whether the data is stored and processed in local computers or server databases. In case of data breach, the data protection authority can be informed within 72 hours of discovering the data breach.
Due emphasis has been given on the conditions for taking permission from the consumers and asking them to provide their data. In this view, companies cannot make use of vague or unclear statements to get acceptance from consumers for collecting and using their data.
What are the Consequences of Failing to Comply with GDPR?
The regulations comes along with many essential items like fines for not adhering to the rules, breach notifications, opt-in consent, appointment of data protection officer and responsibility for data transfer outside the EU. Obviously, there will be a huge impact on businesses dealing with data of consumers. A significant difference will be soon felt in the way the customer data is collected, stored and used by companies.
Sticking to GDPR is essentially required. There are potentially big punishments for the companies which fail to comply with GDPR. Any business found not complying to the rules can be fined upto €20 million or 4% of the company’s global annual turnover. Big companies with huge annual turnover will have to more careful once the regulations will come in effect. In worst case of data abuse, there are provisions of more harsh fines for the companies.
In conclusion, GDPR has been put forward to restrict companies to misuse the personal data of consumers. It is not only going to be applied to companies located within the EU, but it will also be imposed on those they are offering goods or services outside their boundaries. For conducting business smoothly in European countries, companies have to abide by the rules of GDPR keeping themselves away from any kind of penalties. Hence, the impact of GDPR will be more extensive than it is understood at this stage.