What is GDPR and how did it come about?
The General Data Protection Regulation (GDPR) is a regulation enacted by the Council of the European Union, the European Commission and the European Parliament with the aim of strengthening personal data protection for people living within the EU. It is an upgrade of the 1998 Data Protection Act and seeks to address the new ways of exploiting people's data that cloud and internet technology have introduced. For instance, your name, credit card number, address and phone number are collected, analysed and stored by organizations such as banks, governments, social media companies and retailers. The GDPR was enacted to give people more control over this personal data. The European Union hopes to build trust in the growing digital economy by strengthening data protection and privacy legislation and enforcing tough compliance measures. Additionally, the EU seeks to provide businesses with a clear and simple legal operating environment through this single legal framework.
What is GDPR compliance?
Data breaches occur daily: information gets stolen, lost, or ends up in the wrong hands where it can be used maliciously. Under the GDPR, organizations are required to gather personal data only under strict and lawful conditions. Moreover, those who collect and manage the data are tasked with protecting it from exploitation and misuse while respecting the rights and wishes of the data subjects, or else face hefty penalties.
Under the current data protection act, personal data includes photos, addresses and names. The GDPR expands the definition of personal data to include biometric data, genetic data and IP addresses, since these can be processed to uniquely identify a person. The GDPR takes effect in all EU member states on May 25, 2018.
What does GDPR mean for businesses and consumers?
The GDPR applies to companies conducting business activities with Europeans, whether they are based within the EU or not. The regulation recommends that privacy controls and data protection safeguards be built into products and services from the initial stages of development. Businesses are also encouraged to use techniques such as pseudonymisation to protect their customers' privacy.
For consumers, the GDPR gives them the right to know when their personal data, such as social security numbers, health records and email addresses, has been hacked or exposed on the internet without their consent. Organizations will be required to notify the relevant national bodies immediately when any data is hacked, so that the affected citizens can take preventive measures to protect their personal information. Organizations are also required to explain how they use consumers' data in a simple and comprehensible manner.
Companies must implement the appropriate organizational and technical measures under the GDPR provisions on governance and accountability. These measures include, but are not limited to, documenting processing activities and data protection provisions, conducting internal audits, reviewing the organization's privacy and security policies, and ensuring that staff are trained on security and privacy.