EU GDPR – The new General Data Protection Regulation at a glance
Today, May 25th 2018, is the day when the new General Data Protection Regulation (GDPR) of the European Union comes into force. It is an update of the existing Data Protection Act 1998 (DPA) and is considered to be the most expansive change in data privacy legislation. It will affect organizations worldwide by creating a more stringent data protection framework for them to comply with.
Overview of the key objectives
The GDPR revises how the personal data of EU citizens must be protected by changing the way organizations process it. The regulation applies not only to EU businesses, but also to non-EU-based companies that have access to and/or handle personally identifiable information on any individual residing in the European Union.
Main protections and updates of the GDPR:
– EU citizens whose information is to be collected must give their clear consent prior to any data collection and are allowed to withdraw their consent at any time.
– EU citizens can request that a company delete their personal data.
– EU citizens can request information on where and for what purpose their data has been held and used. They can also request to be provided with an electronic copy of that data.
All organizations that fall within the scope of the GDPR must be compliant and strictly follow its provisions. Any breach of or failure to comply with the law can lead to penalties of up to 20 million euro or 4% of the organization's global annual turnover.
With the GDPR, the European Union aims both to protect the personal data of EU consumers and to ensure that organizations are fit for the digital economy. The update of the legislation will also support the new Digital Europe programme proposed by the European Commission, which has an overall budget of 9.2 billion euro.