General Data Protection Regulation (GDPR)
On 14 April 2016, the GDPR was finally approved by the EU Parliament, after four long years of preparation. The EU General Data Protection Regulation (GDPR) was created to harmonize data privacy laws across Europe, in order to empower and protect citizens all over the European Union. The GDPR is also designed to shape the way organizations approach data privacy.
The GDPR applies to ‘personal data’, which means any information that relates to an individual. An individual can be identified by reference to an identifier. Personal identifiers can include a wide range of personal data such as an identification number, name, online identifier or location data, reflecting changes taking place in technology and in the manner of collecting people’s information.
It is particularly important to keep in mind which organizations fall under the need to protect their data:
- Organizations that involve themselves with systematic monitoring
- Public authorities
- Organizations engaging with sensitive personal data on a large scale
Organizations that do not fall under any of these categories need not worry about appointing a Data Protection Officer. Data breaches generally take place when a breach has taken place in the notification policies of the company.
The aim of the GDPR is to set out rules that give EU citizens more control over their personal data than before. The GDPR simplifies the environment for citizens and businesses established in the EU. The motive behind this is to let them fully benefit from the existing digital economy.
Every aspect of our lives is intertwined with data. Every service that we use involves the collection and analysis of our personal data. Everyone from banks, retailers and social media companies to governments asks for our personal data. Organizations store an individual’s name, credit card number, address and other details.
What is meant by breach of data?
Data can be breached at any time. Information that is provided by an individual may get lost, or even stolen. In the worst case, this data may fall into the hands of people who were not supposed to see it or who would use it for harmful purposes.
The provisions of the GDPR ensure that organizations collect personal data only under strict conditions and on legal terms. Those who collect the data are obliged to manage it and ensure its confidentiality. They have to guarantee that it will not be exploited or misused, and they have to respect the rights of the data owner.
According to GDPR rules, only one law exists and applies to all companies doing business within the member states of the EU. Under the GDPR, even Facebook could be liable to a fine on the order of $1.6 billion.
The European Commission believes that a single authority for the whole of Europe would be better for businesses. It would be cheaper, and at the same time simpler, for businesses to remain active within the geographical area. According to the Commission, 2.3 billion euros could be saved every year across Europe.
By unifying the rules of data protection in Europe, lawmakers are creating a business environment that contributes to vast opportunities and possibilities for innovation.