The General Data Protection Regulation (GDPR) is a strict privacy and security law. Although it was developed and adopted by the European Union (EU), it places obligations on organizations everywhere whenever they identify or collect data related to people in the EU. The regulation came into effect on May 25, 2018. The GDPR imposes severe fines, up to tens of millions of euros, on those who violate its privacy and security standards.
With the GDPR, Europe is demonstrating its strong commitment to data privacy and security at a time when many people entrust their data to the cloud and lawlessness is rampant. The law itself is ambitious, far-reaching, and simple in detail, making compliance with the GDPR a difficult prospect, especially for small and medium enterprises (SMEs).
History of the GDPR
The right to privacy is part of the 1950 European Convention on Human Rights, which states: “Everyone has the right to the protection of the moral and material interests resulting from any scientific, literary or artistic production of which he is the author.” On this basis, the European Union has sought to ensure that this right is protected by law.
With the advancement of technology and the invention of the Internet, the EU recognized the need for modern protections. Therefore, in 1995, the European Data Protection Directive was adopted, establishing minimum data privacy and security standards on which each member state based its own implementing law. But the Internet was already changing into what it is today. In 1994, the first ads appeared on the web. In 2000, many financial institutions offered online banking. In 2006, Facebook opened to the public. In 2011, a Google user sued the company for scanning their email. Two months later, European data protection authorities announced that the EU needed a “comprehensive approach to data protection,” and work began to revise the 1995 directive. The GDPR came into effect in 2016 after its adoption by the European Parliament, and on May 25, 2018, parties had to comply.
Scope, Penalties, and Important Definitions
First, if you process the personal data of EU citizens or provide goods or services to such persons, the GDPR applies to you even if you are not in the EU.
Second, the penalties for violating the GDPR are very high. There are two levels of fines, with a maximum value of 20 million euros or 4% of global revenue, depending on the size, and data subjects are entitled to claim damages. The GDPR defines many legal terms. Below are some of the critical ones we refer to in this article:
- Personal data is any information related to a person who can be identified directly or indirectly. Names and email addresses are obvious examples. Location information, nationality, gender, biometrics, religious beliefs, web cookies, and political views can also be personal data. Anonymous data can also fall under the definition when it is easy to identify someone from it.
- Data processing is any action performed on data, automatically or manually. Examples given in the text include collecting, recording, editing, storing, using, and deleting; in other words, everything.
- A data subject is a person whose data is processed. These are your customers or site visitors.
- The data controller is the person who decides why and how personal data will be processed. If you are the owner or employee of your organization that processes data, you.
- A data processor is an external company that processes personal data on behalf of a data controller. The GDPR has specific rules for these individuals and organizations.
Ten Steps to Complying with the GDPR – What Are the Rules?
- Find out about GDPR and check if you can process personal data.
- Inform your customers of their rights under the GDPR.
- Record your processing tasks.
- Find out if you need to do a Data Protection Impact Assessment (DPIA).
- Consider confidentiality when developing new products or services.
- Find out if you need a data protection officer.
- Record and report data breaches.
- Make a data processing agreement.
- Find your company leader.
- Ask permission to process your data.