The general data protection regulation (GDPR) is one of the revolutionary new laws passed by the EU legislation recently. This law set guidelines about how organizations should process the personal data of EU residents. All organizations that are based in EU or outside EU process personal data of EU residents must comply with GDPR. This law is applied to both data controllers as well as processors.
Who does the GDPR apply to?
GDPR applies to every company, regardless of whether or not they themselves reside in one of the 28 EU member states.. This law is applied to all the organizations that process, control, store or hold data of EU residents. Not only this law covers companies that are based in EU but also those that are based outside EU but still has access to the data of EU residents. Companies that are based outside EU must have a data protection officer in EU. It is the duty of data protection officer to advise the company about compliance with EU GDPR requirements.
What does GDPR ask companies to follow in respect of data protection?
GDPR require organizations to process personal data in a lawful, fair, and transparent manner. Under this law it is the responsibility of company to fairly transfer the data and should also protect data theft. Individual has right under this law to know with whom their data has been shared, processed and about the processing activities on their personal data.
GDPR benefits for citizens
There are several benefits that GDPR give to the EU residents. Below we have discussed few of its benefits for citizens.
- Right to be forgotten: – If an individual does not want his or her data to be processed then organizations must delete the data of that individual. It is about protecting the privacy of a person and not about erasing past events or restricting freedom of the press.
- Easier access to personal data:- Every individual as right to know how their data is processed and with whom it is shared.
What are the penalties for noncompliance with GDPR?
Any organization that fails to comply with GDPR can be fined heavily. Under this law maximum fine for violating GDPR is up to 4% of annual global turnover or €20 million, whichever is greater. Examples of noncompliance:
- Having insufficient consent to process an individual’s personal data
- Contravening the privacy-by-design concept
- Failing to have records in order
- Not informing the supervising authority and data subject (individual) about a breach
- Not conducting an impact assessment