EU’s GDPR will impact companies inside and outside the Union
The GDPR (General Data Protection Regulation) will go into full effect next May and promises to mark a revolution in how citizen and consumer personal data is handled.
The European Union (EU) is known for some strict laws and regulations regarding the privacy and protection of its citizens, and the new GDPR is no exception. The General Data Protection Regulation is the most important change in data privacy regulation in the last 20 years, aiming to ensure the privacy and integrity of all consumer data within the EU.
This regulation reinforces the rights of all individuals and makes companies responsible for the personal data they process. In this case, “individuals” refers not only to customers, but also to suppliers and employees. It also has a broad scope, as all organizations inside the EU, and organizations outside the EU offering services or products in the EU, need to implement the GDPR.
In essence, the GDPR applies to all organizations that hold personal data of EU citizens, where “personal data” refers to any information relating to a person or “data subject” that can be used directly or indirectly to identify a person. Failure to comply may result in fines of up to €20 million (over $24 million) or up to 4% of the company’s turnover.
The GDPR has been around for a few years now, but it takes real effect on May 25th. On this date, all organizations operating in the EU must comply with the new General Data Protection Regulation. Among the main changes is the fact that citizens will be given more power to access, control and erase their personal data, and there is added responsibility on the part of the companies that hold this information.
With the GDPR in full effect, citizens get free and full access to their personal data held by an organization, including how, where and for what purpose that data is used. They can ask for the definitive elimination of their data, thus having the right to be forgotten or not contacted, and can also oppose the transfer of that data to different entities.
On the other side, companies need to be transparent about their data management policies, protect personal data by default, have someone in charge of data protection (a Data Protection Officer), reinforce their policies and procedures on data security, and establish procedures to mitigate any breaches, among other requirements.
The GDPR requires companies to rethink their entire strategy for handling personal data but will, at the same time, ensure additional safety for EU consumers and citizens. Regardless of any personal opinion one might have, this regulation will surely have a strong impact inside the EU.