GDPR
GDPR stands for General Data Protection Regulation. It is one of the most ambitious regulations in terms of data privacy and data protection. Its main purpose is to ensure that users know and control what companies are doing with the data generated by them and by their usage of the platforms. This law (2016/679, passed in the EU parliament) replaces the Data Protection Directive 95/46/EC. It also serves to harmonize data privacy laws across Europe.
The law was approved after 4 years of preparation on 14th April 2016.
The enforcement date is 25th May 2018.
Companies and organizations that do not comply may face heavy fines of up to €10 million or up to 2% of the annual worldwide turnover of the preceding financial year.
The key points of the law are:
- Breach Notification: breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This must be done within 72 hours of first having become aware of the breach.
- Right to Access: the user has the right to obtain a copy of their personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.
- Right to be Forgotten: the right to require the company to remove all the personal data or other usage data. The conditions for erasure, as outlined in Article 17, include the data no longer being relevant to the original purposes for processing, or a data subject withdrawing consent.
- Data Portability: GDPR introduces data portability, the right for a data subject to receive the personal data concerning them, which they have previously provided, in a ‘commonly used and machine readable format’ and to transmit that data to another controller.
- Privacy by Design: Article 23 calls for controllers to hold and process only the data absolutely necessary for the completion of their duties (data minimisation), as well as limiting access to personal data to those who need it to carry out the processing.