Skip to main content

The General Data Protection Regulation

According to the official statement, The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). GDPR requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.

The regulation was adopted on 27 April 2016 and becomes enforceable from 25 May 2018. It will be directly binding and applicable in all member states. Therefore, in today’s article, we summarised what GDPR means for companies in the European Union.

GDPR and company regulations

GDPR has the aim to give the control over personal data back to citizens and residents of the European Union. This means that regulatory environment for international business will be simplified. Companies that collect data in EU countries will need to comply with the new rules of protecting customer data. Companies will need to have the same level of protection for an individual’s IP address or cookie data as they do for name, address, and ID numbers. Privacy settings must, therefore, be set at a high level by default, however, GDPR does not define what constitutes “high level”, so implementing it can be tricky.

Why is GDPR needed?

Public concern over privacy has been on the rise in the previous years. The GDPR replaces the EU’s former Data Protection Directive which has been in effect since 1995. As this directive was created before the internet became widespread, it lacked regulations towards online businesses and privacy. Consumers have been more conscious about data breaches and they have been expecting more transparency and responsiveness from companies who use their data. The need for a new regulation, therefore, have been pushed by the public and actions were needed to be taken.

What does GDPR protect?

Any information, such as names, addresses, ID numbers have already been needed to protect, however, web data have not. P address, cookie data, RFID tags will be under protection as well, as soon as GDPR will be in action. Besides these, GDPR will cover the protection of health and genetic data, biometric data, racial or ethnic data, political opinions and sexual orientation.

Sanctions in case of not complying with GDPR

The EU has named some scenarios where neglecting GDPR will cause consequences for the companies that are operating inside the European Union. A first case of non-intentional noncompliance will impose a warning in writing. In other, much serious cases fines can go up to €10 million or up to 2% of the annual worldwide turnover of the preceding financial year or fine up to €20 million or up to 4% of the annual worldwide turnover of the preceding financial year, if there has been an infringement.

Any company is affected by the new regulations that stores or processes personal information about EU citizens within EU states. Even if there is no business presence within the EU, GDPR will affect them.


You might also be interested in:


Share this post

Comments ()