General Data Protection Regulation (GDPR)
What Is GDPR?
GDPR gives guidelines to organizations for handling the information of their customers/individuals. It gives individuals more control over their personal information. Moreover, GDPR specifies how consumer data should be used and how it should be protected.
This will change the way data is handled around the world.
In case of non-compliance, defaulters can be fined in proportion to the severity and scale of the violation. GDPR came into force on May 25th, 2018. Companies must be able to show compliance by May 25th, 2018.
The main focus of compliance is protecting the personal information of individuals.
How will this Impact my Business?
GDPR sets new rules and restrictions on commercial data usage. Businesses will have to shell out more money on compliance spending, inspire trust and confidence, and safeguard customers' data security rights, which will take higher priority on the internet. Companies have already started rewriting their policies. The most important change is how companies share data with other vendors.
Key points in GDPR?
⦁ Consent : Companies cannot use illegible terms and conditions filled with legalese. It must be as easy to withdraw consent as it is to give it.
⦁ Mandatory Breach Notification : Data processors have to notify their controllers and customers of any risk within 72 hours of any event of data breach.
⦁ Right to Access : Data subjects have the right to obtain confirmation from data controllers of whether their personal data are being processed or not. Data controllers should provide an electronic copy of personal data for free to data subjects. This is called confirmation of personal data usage, and the controller has to give a free electronic copy of the data.
⦁ Right to Be forgotten : When data is no longer relevant to its original purpose, individuals have the right to request that the data controller erase their personal data and cease its dissemination. Yes, people have the right to be forgotten, but in certain cases this doesn't apply.
⦁ Data Portability : In recent times you must have experienced mobile number portability. Similarly, individuals can obtain and reuse their personal data for their own purposes by transferring it across different IT environments.
⦁ Privacy By Design : Calls for inclusion of data protection from the onset of designing systems, implementing appropriate technical and infrastructural measures.
⦁ Data Protection Officer (DPO) : Data Protection Officers (DPOs) must be appointed in public authorities or organizations that engage in large-scale (>250 employees) systematic monitoring or processing of sensitive personal data.
Businesses can be fined up to 4% of global turnover or 20 million euros.
Moreover, even if your business does not have a location in Europe, if you handle the personal information of any European citizen you will need to comply with the General Data Protection Regulation. The risk is being hit with hefty fines.
Type of data GDPR Protects
A defined set of data is covered by GDPR. This data can be names, addresses, ID numbers, geolocation, IP addresses, cookie data, and RFID tags. Beyond these, health and genetic data, biometric data, racial and ethnic data, political opinions, sexual orientation, etc. are also covered by GDPR.
How will this Regulation have an impact beyond boundaries?
The concept of GDPR was popularized in 2016 and put into effect in 2018. People are downloading apps on their mobiles, and while downloading, the app asks for permissions, i.e. access to the phone book, access to location, access to cookies, etc. We give those permissions without realizing or understanding the repercussions. Companies have been collecting data at a huge pace; one of the common reasons is to understand consumer behavior. This can be in the interest of the business, but it becomes dangerous if it crosses the line or is misused.
This data is shared in big data pools, and this is where analytics comes into the picture. Analytics can be used in positive as well as negative ways.
Hence it’s a good step towards data privacy.
This collection of data will have an impact on your choices, and hence it may impact your future. We are giving permissions over our future to companies, and this can be misused across boundaries.