The General Data Protection Regulation (commonly known as the GDPR) is EU legislation that applies to the use of personal data. The GDPR has been in force since May 2018.
What Is the Purpose of the GDPR?
The GDPR ensures transparency in the handling of data. The regulation applies to any business that processes the data of EU citizens, regardless of whether it is based in the EU. It is primarily about protecting individuals’ personal details. The aim of the GDPR is to give EU citizens control over their personal data and to change the approach of organizations across the world towards data privacy. To that end, the GDPR grants individuals a wide range of rights in respect of their personal data, strengthening their ability to control how that data is used.
Which Information Is Personal Data?
Personal data refers to any information from which a natural person can be directly or indirectly identified. It does not matter whether the information relates to an individual in person or in the context of professional or public life.
EXAMPLES OF PERSONAL DATA:
- Name
- Photo of person
- Email address
- Voice or bank details
The GDPR’s Different Requirements for Various Stakeholders
For organizations such as companies, public entities and communities, the GDPR means more and stricter obligations and requirements when they process personal data. Organizations have to ensure that they are able to comply with the GDPR. For example, it may be necessary to develop formatting capabilities to meet access requests.
WHAT DO ORGANIZATIONS HAVE TO DO TO COMPLY WITH THE GDPR?
- Take a more proactive approach towards management of personal data
- Determine what data their business possesses
- Ascertain how and where the data are retained
- Set legally defensible policies for how the data will be collected, managed, and destroyed
- Include data protection considerations in the core of their business activities
- Protect any personal data in their possession
- Implement appropriate protection measures, taking into account the level of risk the processing may pose to individuals