GDPR is the latest regulation on data protection and privacy for all individuals within the European Union. It stands for General Data Protection Regulation. Enforcement of the regulation begins on May 25. GDPR also addresses the export of personal data outside the EU. It aims primarily to give citizens and residents control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The GDPR applies to data collected about European Union citizens from anywhere in the world. A website with any EU visitors must comply with the GDPR, which in practice covers virtually all businesses that want to sell products or services to the European market.
Here’s what you need to know about the new data regulation:
GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Some of the key privacy and data protection requirements of the GDPR include:
- Requiring the consent of subjects for data processing
- Anonymizing collected data to protect privacy
- Providing data breach notifications
- Safely handling the transfer of data across borders
- Requiring certain companies to appoint a data protection officer to oversee GDPR compliance
Are You GDPR-ready?
You have until May 25, 2018, to comply with the regulations set by the GDPR. Make sure your practices are in line with GDPR. Only collect personal data that you need and only store it for as long as you need it. Any breach of security can lead to big fines under the regulation.
Supervisory Authorities (SAs) are going to be set up in the different member states. SAs will be responsible for:
- carrying out audits on websites
- issuing warnings for non-compliance
- issuing corrective measures
SAs have both investigative and corrective powers to check compliance with the law and suggest changes to be compliant.
- Assess the different ways in which you’re collecting visitor data.
- Make sure that your users can control their data.
- Avoid collecting surplus user information.
Remember, serious infringements can merit GDPR fines of up to 4% of a company’s global revenue and a lesser fine of up to 2% if company records are incorrect. Although this post has covered the basics of GDPR, you may want to go through the regulation in detail for a clearer picture.