What’s GDPR? Why is it important?

GDPR in easy words:

GDPR stands for General Data Protection Legislation. It’s a European Union (EU) law that came into effect on 25th May 2018. GDPR law regulates the way we use, process, and store personal data of clients.

The General Data Protection Regulation (Regulation (EU) 2016/679), abbreviated GDPR, or RGPD in French (Règlement général sur la protection des données), is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA).

The GDPR is a vital part of EU privacy law and human rights law, especially Article 8(1) of the Charter of Fundamental Rights of the European Union. It also regulates the transfer of personal data outside the EU and EEA. Its goals are to enhance individuals’ control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.

The European Parliament and Council of the European Union adopted the GDPR on 14 April 2016, to become effective on 25 May 2018. As an EU regulation (instead of a directive), GDPR is directly applicable with the force of law on its own without the need for transposition. However, it also provides flexibility for individual member states to modify (derogate from) some of its provisions.

As an example of the Brussels effect, the regulation became a model for many other laws around the world, including in Brazil, Japan, Singapore, South Africa, South Korea, Sri Lanka, and Thailand. After leaving the European Union, the United Kingdom enacted its “UK GDPR”, identical to the GDPR.

In the USA, the California Consumer Privacy Act (CCPA) was adopted on 28 June 2018; it has many similarities with the GDPR.

Applicability outside of the European Union

GDPR also applies to data controllers and processors outside of the European Economic Area (EEA) if they are engaged in the “offering of goods or services” (regardless of whether a payment is required) to data subjects within the EEA, or are monitoring the behavior of data subjects within the EEA (Article 3(2)). The regulation applies regardless of where the processing takes place. This has been interpreted as intentionally giving GDPR extraterritorial jurisdiction for non-EU establishments if they are doing business with people located in the EU. It is questionable whether the EU or its member states will in practice be able to enforce GDPR against organizations that have no establishment in the EU.

GDPR provides consumers with more control over how their data is handled and disseminated by companies. Companies must inform consumers about what they do with consumer data every time that data is breached. GDPR rules apply to any website regardless of where it is based.

7 Main Principles of GDPR

▪ Lawfulness, fairness, and transparency

▪ Purpose limitation

▪ Data minimization

▪ Accuracy

▪ Storage limitation

▪ Integrity and confidentiality

▪ Accountability.

These principles are found right at the outset of the GDPR and inform and permeate all other provisions of that legislation.

Purpose of GDPR

One of the purposes of the General Data Protection Regulation (GDPR) is to protect individuals’ fundamental rights and freedoms, particularly their right to the protection of their data. The right to one’s private life is laid down in the European Convention on Human Rights (ECHR).

Summary of 10 Key GDPR Requirements

WHO NEEDS GDPR?

While the GDPR is an EU law, it applies to any company that makes its website or services available to EU citizens, including US companies.

Why is GDPR important?

GDPR ensures that all personal data is collected through a secure and legal process, with proper consent from the users.

One of the purposes of the General Data Protection Regulation (GDPR) is to protect individuals’ fundamental rights and freedoms, particularly their right to the protection of their data. The right to one’s private life is laid down in the European Convention on Human Rights (ECHR).

It prevents fraud and cybercrimes. Applying strong data protection measures and safeguards protects not only individuals’ or customers’ personal data but also your organization’s data. This helps you avoid considerable problems that may damage your reputation or your organization’s confidential information.
