What is GDPR (General Data Protection Regulation)?
Published by: Albert Gibosse
In January 2012, the European Commission set out plans for data protection reform across the European Union in order to make Europe ‘fit for the digital age’. GDPR came into force on May 25, 2018.
One of the key components of the reforms is the introduction of the General Data Protection Regulation (GDPR). This new EU framework applies to organizations in all member states and has implications for businesses and individuals across Europe, and beyond.
GDPR was designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy. This legislation was designed to reflect the world we’re living in now, and to bring laws and obligations – including those around personal data, privacy and consent – across Europe up to speed for the internet era.
As we know, every aspect of our lives revolves around data. From social media companies to banks, retailers, and governments, every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and more are all collected, analyzed and, perhaps most importantly, stored by organizations.
What is GDPR compliance?
As data breaches happen, information gets lost, stolen or otherwise released into the hands of people who were never intended to see it.
The GDPR ensures that organizations gather and use personal data legally and under strict conditions, secure it from misuse and exploitation, and respect the rights of data owners – or face penalties for not doing so.
Who does GDPR apply to?
GDPR applies to any organization operating within the EU, as well as any organization outside of the EU which offers goods or services to customers or businesses in the EU. That ultimately means that almost every major corporation in the world will need to be ready when GDPR comes into effect, and must start working on their GDPR compliance strategy.
There are two different types of data-handlers the legislation applies to: ‘processors’ and ‘controllers’. The definitions of each are laid out in Article 4 of the General Data Protection Regulation.
Here are a few steps for your preparation checklist
The controller is “any person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data”, while the processor is the person, public authority, agency or other body which processes personal data on behalf of the controller. Both must adhere to GDPR regulations.
According to the UK’s Information Commissioner’s Office, the authority responsible for registering data controllers, “controllers will have significantly more legal liability if they are responsible for a breach, as these obligations for processors are a new requirement under the GDPR.”
Essentially, GDPR also places legal obligations on processors to maintain records of personal data and how it is processed, providing a high level of legal liability should the organization be breached.
Controllers will also be forced to ensure that all contracts with processors are in compliance with GDPR.
Personal data under the GDPR
Personal data include name, address, photos, IP address, sensitive personal data such as genetic data, biometric data which could be processed to uniquely identify an individual, income, and beyond.
Ensuring GDPR compliance will instill trust in your customers and will bring benefits to your organization.