Some even call it a “milestone of the digital age”. GDPR is the General Data Protection Regulation, and it will be enforced among the 28 European Union (EU) member states, including the UK, Brexit notwithstanding. It is 88 pages and 50,000 words long: one big new data protection regulation, effective May 2018, that applies not only within the EU but to anyone, regardless of where you or your company is based (US, Germany, Japan, China, wherever). GDPR applies to anyone who offers products or services to, or handles the data of, consumers in Europe, and it takes effect in May 2018. It creates rules for all European residents’ data and how it must be handled.
Effective Date & Deadline for GDPR
GDPR was adopted on 27 April 2016 and comes into force on 25 May 2018, after a two-year transition period.
It was, in effect, already in place by 2016, which gave organizations plenty of time to prepare their companies to comply with its rules and regulations.
The EU accounts for about 25% of global GDP, so it is not something you should ignore.
- That means you cannot ignore your users or assume what they want.
- Ask only for the information that you are actually going to use. If you don’t need to know what their company is, don’t ask for it. And if you do need it, be really clear about what you will use it for.
- Make everything very clear. Regulators in charge of GDPR compliance love transparency, so putting everything out in the open is one of the simplest ways to protect yourself from fines in case of non-compliance.
- Don’t do sly or sneaky things. If you are honest and transparent, and you do what you say you do, then you probably won’t have regulators with their huge fines knocking on your door.
Effects if found GDPR non-compliant:
GDPR introduces much stricter data protection rules and gives citizens much more control over how organizations use their personal data, with tougher fines against firms found breaching the rules: up to 4% of their annual turnover or 20 million euros, whichever is greater. We think one of the issues is the fact that we are only 30 days away and plenty of organizations are very far from actually achieving compliance.
What are the GDPR requirements?
Personal data under GDPR can mean a whole load of elements; both personal data and sensitive personal data are dealt with by GDPR. In brief, it includes anything that concerns a particular person, directly or indirectly: a name, a photo, birth information, an identification number, location data, health, mental, physiological or genetic data, hair color (basically any character trait), an IP address, work, political opinions, economic, cultural or social identity, or any other sensitive data about that person. Using any one of these elements alone, or a combination of two or more of them, without the person’s consent may put you in breach of GDPR.
Easy or just another chaos?
The ICO published a 12-step program of guidelines, but companies are finding it a little ambiguous. Certain industries still think that the guidelines do not apply to them, or they feel that the guidelines are fundamentally flawed and that the GDPR rules seem to have been tailored for companies like Facebook and Google, the big data processors. Many others think this is far too bullying and that the ICO is not updating them often enough to provide adequate guidance.
What you could easily do:
- Identify how much personal and general data your organization holds.
- Carry out a compliance program.
- Turn compliance actions into tangible business advantage.
Aren’t there data protection laws already in effect?
Yes, there are data protection laws already in place. Indeed, some countries already have laws like the Data Protection Act of 1998, and many of the rules in GDPR are present in that older regulation. However, there are also some minor changes, and some European countries have more outdated data protection regulations. This matters because data is being used by more and more organizations, especially with globalization and digitalization, and that use may cause dismay to the individual if it goes too far or if they are unaware of it. The rules and penalties are more precise and stricter this time: according to one analysis, last year’s ICO fines would have been 79 times higher under GDPR.
By now we should have made it clear that even if GDPR seems a bit old school, it is not meant to shut down any business dealing with the EU; it simply wants citizens to be aware of where their information is, how it is being used, and how they can always change that and stay in control of it. Data privacy has been a big deal in Europe for ages, hence this new regulation for European companies and citizens.
So, the bottom line of GDPR is this: if you are using any EU individual’s data, ask for it and let them know where that information is going.