GDPR (General Data Protection Regulation) is an act that has been brought into effect since 25th May 2018. It applies to all the members of the EU (European Union). The aim of the GDPR is to protect all EU citizens from privacy and data breaches in today’s data-driven world. It not only gives the power to the consumer over their data, but also comes down heavily on companies which do not comply. For example, there is a 4% of the annual global turnover or 20 million Euros (whichever is higher) fine, if companies do not abide by GDPR.
GDPR is designed to :
- Harmonize data privacy laws across Europe,
- Protect and empower all EU citizens data privacy
- Reshape the way organizations across the region approach data privacy.
The Organisation for Economic Co-operation and Development (OECD) published its Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, which was a set of recommendations endorsed by both the EU and the US that set out to protect personal data and the fundamental human right of privacy. GDPR takes its cue from OECD laws and a directive tabled as : 95/46/EC.
Here are the data subject rights:
Companies whose systems have been breached, need to inform their customers within 72 hours when they became aware of the breach.
Right to Access
Consumers can ask the companies for data concerning them – why, where and for what purpose is it being processed. Wherever applicable, the companies are liable to provide a free electronic format of their data, on being requested.
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the consumer to have the company erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
GDPR introduces data portability – the right for a data subject to receive the personal data concerning them – which they have previously provided in a ‘commonly use and machine-readable format’ and have the right to transmit that data to another controller. (company)
Privacy by Design
Data protection should be kept in mind from the design of the systems to release. Data minimization and limiting access to personal data to those needing it has to be strictly implemented.
Data Protection Officers
There are internal record keeping requirements, which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences.
GDPR is being incorporated by most of the companies who deal with the EU for data access of their citizens. It promises the safety of the consumer’s data and hence the power is in their hands. Similar laws are available (for example CCPA in California) but not as strict as GDPR. The whole world should be under the protection of laws like GDPR.
For more on the blog : http://www.technospirituality.com