GDPR or general data protection regulation refers to the EU (European Unions') new data protection law that came into effect in May 2018. The regulation strengthens and builds on the EU’s current data protection framework, replacing the 1995 Data Protection Directive.
It sets out the rules for how consumers' personal data must be collected, processed, and stored by organizations operating in the EU. It also establishes new rights for individuals with respect to the protection of their personal data.
Under the GDPR, personal data must be:
– Legitimate and necessary for the purposes for which it is being processed.
– Accurately and carefully collected.
– Processed in a transparent, consistent, and fair manner.
– Erased or destroyed when it's no longer needed and subject to regular monitoring.
Organizations that process the personal data of EU citizens must comply with the GDPR unless they can demonstrate that they meet certain conditions. The GDPR applies to any organization that processes the personal data of EU citizens, regardless of where the organization is located.
Organizations that process personal data must disclose their contact information to individuals who request it. They must also inform individuals of their right to access their personal data, as well as the right to have it erased or destroyed.
If these regulations are violated, the GDPR imposes significant fines including up to 4% of an organization’s global revenue or €20 million (whichever is greater).
When did GDPR come into effect?
The GDPR came into effect on May 25th, 2018.
What does GDPR require of businesses?
Under the GDPR, businesses must obtain consent from users before collecting any personal data, as well as providing users with access to their own data and allowing them to delete it if they wish. Businesses must also take appropriate security measures to protect user data and notify authorities of any data breaches that occur.
Fun Fact:
"The GDPR has been estimated to have cost businesses in the European Union over $7 billion dollars in compliance costs since its introduction in 2018." (Holland, 2019)