Everything You Need To Know About GDPR

You’ve probably received dozens of emails regarding GDPR from several companies by now. As tempting as it may seem to ignore them, you should probably understand what it really means. In this article, we’ll cover everything you need to know about GDPR.

GDPR stands for General Data Protection Regulation.

GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy. Fundamentally, almost every aspect of our lives revolves around data. From social media companies, to banks, retailers, and governments — almost every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and more are all collected, analyzed and, perhaps most importantly, stored by companies.

What is GDPR compliance?

Data breaches inevitably happen. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it — and those people often have malicious intent.

Under the terms of GDPR, not only will companies have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners – or face penalties for not doing so.

Who does GDPR apply to?

GDPR applies to any company operating within the EU, as well as any company outside of the EU which offers goods or services to customers or businesses in the EU. That ultimately means that almost every major corporation in the world will need to be ready when GDPR comes into effect, and must start working on its GDPR compliance strategy.

What is personal data under the GDPR?

The types of data considered personal under the existing legislation include name, address, and photos. GDPR extends the definition of personal data so that something like an IP address can be personal data. It also includes sensitive personal data such as genetic data, and biometric data which could be processed to uniquely identify an individual.

When does GDPR come into force?

GDPR will apply across the European Union from 25 May 2018, and all member nations are expected to have transferred it into their own national law by 6 May 2018.

Following four years of preparation and debate, GDPR was approved by the European Parliament in April 2016 and the official texts and regulation of the directive were published in all of the official languages of the EU in May 2016.

What does GDPR mean for consumers/citizens?

Because of the sheer number of data breaches and hacks which have occurred over the years, the unfortunate reality for many is that some of their data — be it an email address, password, social security number, or confidential health records — has been exposed on the internet.

One of the major changes GDPR will bring is providing consumers with a right to know when their data has been hacked. Companies will be required to notify the appropriate national bodies as soon as possible in order to ensure EU citizens can take appropriate measures to prevent their data from being abused.

GDPR is also set to bring a clarified ‘right to be forgotten’ process, which provides additional rights and freedoms to people who no longer want their personal data processed, allowing them to have it deleted, provided there are no grounds for retaining it.

Companies will need to keep these consumer rights in mind once GDPR comes into force.

Source: ZDNet, “What is GDPR? Everything you need to know about the new general data protection regulations” – Danny Palmer, May 23, 2018

Final Disclaimer

We hope that this article brings you some additional insight with regard to GDPR. It is important to keep in mind that every business is different and that may affect what you need to do within your company in order to ensure you’re in full compliance with GDPR. This article is more or less a primer (general summary) – it is critical that you perform your own research and/or seek legal advice from an intellectual property lawyer or data protection specialist for any specific questions you may have for your business.