With the biggest shake-up in data privacy and protection laws the EU has seen in the last 20 years fast approaching, it's time to get ready.
The General Data Protection Regulation (GDPR) is a significant piece of legislation that is going to impact every business that handles private data of EU citizens.
Not only does this impact companies based in Europe, but ANY company worldwide that handles private data of European citizens will be affected.
It is a behemoth piece of legislation.
In typical EU fashion, the GDPR was finalized in 2016 after years of negotiations between the various EU member states and institutions. The GDPR builds upon the core principles of the EU Data Protection Directive and places a significant emphasis on business accountability and individual consent.
Here’s the EU executive body’s summary of the GDPR objectives:
The objective of this new set of rules is to give citizens back control over their personal data, and to simplify the regulatory environment for business. The data protection reform is a key enabler of the Digital Single Market which the Commission has prioritised. The reform will allow European citizens and businesses to fully benefit from the digital economy.
In English: The GDPR was designed to give power back to private citizens over how companies use their data. The right to be forgotten and the collection of consent are fundamental aspects of the GDPR. Companies will now need to obtain explicit consent from their customers to use their personal data.
With data breaches becoming increasingly common in recent years, the EU has decided to act to protect private individuals' data and to put more accountability on businesses that either control or process said data.