5 Critical Aspects of GDPR: Simple and Concise Explanation
Sly Gittens
Entrepreneur, Author, Speaker & Investor. Follow for posts about Cloud Computing, Security, AI, career growth, Mindset hacking, and dynamic Women in Tech Career Journeys.
The General Data Protection Regulation (GDPR) unifies EU data protection legislation. That, in turn, unifies processes and legal obligations for any organization doing business with more than one EU state.
The scope of the GDPR, however, substantially increases the obligations on organizations that are processors of EU citizen personal data. The penalties for non-compliance are substantial, which will propel data protection as a business risk directly into the boardroom.
Are you a visual learner? I am too! This video showcases 5 Critical Aspects of GDPR: Simple and Concise Explanation. If you love my video, subscribe and like my YouTube channel.
What is GDPR?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give citizens and residents control back over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
What constitutes personal data?
Any information related to a natural person, or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, or medical information to a computer IP address.
When is the GDPR coming into effect?
The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation takes effect after a two-year transition period and, unlike a Directive, it does not require any enabling legislation to be passed by governments, meaning it will be in force in May 2018.
Whom does the GDPR affect?
The GDPR not only applies to organizations located within the EU, but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover or €20 million for breaching the GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines: e.g. a company can be fined 2% for not having its records in order (Article 28), for not notifying the supervising authority and data subject about a breach, or for not conducting an impact assessment.
These have been described as the “toughest data protection rules in the world”. Note that these rules apply to both controllers and processors, meaning ‘clouds’ will not be exempt from GDPR enforcement.
How does the GDPR affect policy surrounding data breaches?
Proposed regulations surrounding data breaches primarily relate to the notification policies of companies that have been breached. Data breaches which may pose a risk to individuals must be notified to the Data Protection Authority (DPA) within 72 hours, and to affected individuals without undue delay.