What is GDPR?
GDPR, or the General Data Protection Regulation, is a new set of rules designed to give EU citizens more control over their personal data. GDPR was introduced to simplify the regulatory environment for business so that both citizens and businesses in the EU can benefit from the digital economy. Our lives revolve around data, and thus involve data being obtained from various sources. From social media companies to banks, retailers, and governments, almost every service we use involves the collection and analysis of our personal data. Whether it's your name, address, credit card number or more, everything is collected, analysed and, perhaps most importantly, stored by companies for the ease of doing business.
How did it come about?
In order to be ‘fit for the digital age’, the European Commission set out plans for data protection reform across the European Union. One of the key components of the reforms is the introduction of the General Data Protection Regulation (GDPR). This new EU framework applies to organisations in all member-states and has implications for businesses and individuals across Europe, and beyond.
What is GDPR compliance?
Awareness regarding the digital age has increased. Data breaches inevitably happen, and because data flows through various people, huge amounts of it are lost or stolen in the process. Sometimes the same data is used by people with malicious intent for their own ends. Hence, under the GDPR, organisations will not only have to ensure that data is gathered legally under strict conditions, but the people who manage the data are also obliged to protect it from exploitation. Failure to do so attracts penalties.
Who does GDPR apply to?
The regulation applies to organisations operating within the EU, as well as any organisations outside of the EU which offer goods or services to customers or businesses in the EU. The GDPR ultimately places legal obligations on a processor to maintain records of personal data and how it is processed, providing a higher level of legal liability should the company be breached. Hence, companies should look at reviewing their procedures for recording and managing employee and customer consent in line with the guidelines rolled out on 25th May. For individuals, the regulation should put an end to the inexplicable consent forms shared by organisations with tons of impenetrable legal terms.
Hence, it is essential to keep abreast of the new regulations rolled out under GDPR.