The European Union (EU) rolled out the General Data Protection Regulation (GDPR) on May 25, 2018, bringing stringent reforms in data protection policy for residents of the EU. The goal of the GDPR is to provide individuals with robust data rights so that they are aware of and have control over how companies are collecting, storing and processing their personal data.
Why Did the EU Adopt the GDPR?
The EU had the 1995 data protection directive in place, but that directive dates from before social media existed and before the Internet became a second home for people. The EU adopted the GDPR in April 2016 to supersede the obsolete directive, which failed to address today’s public concerns over data security and had negligible non-compliance fines.
What Key Changes Does the GDPR Bring to Protect Privacy and Prevent Data Breaches?
Increased Data Security via Pseudonymization and Anonymization
The GDPR aims to safeguard individuals (formally called data subjects in the GDPR) against cybercrimes such as data loss, theft and unauthorized access. Under the GDPR, data controllers and processors have a mandatory obligation to use pseudonymization or complete data anonymization for stored data of people in the EU, so that no unwanted person or organization can track their personally identifiable information.
Explicit Consent before Processing your Data
The GDPR requires all organizations, except law enforcement and national security agencies, to seek explicit consent before collecting and processing personal information of data subjects. Under the new data protection framework, silence, pre-ticked boxes or inactivity no longer constitute consent. In addition, the language in the consent form has to be plain and intelligible. Data subjects can also withdraw consent at any time they want.
Right to Data Access and Data Portability
The new data protection law improves data transparency and empowers data subjects by providing the right to data access. Data subjects can ask companies what personal data they hold on them and whether or not that data has been processed. If it has, they can also ask where, for what purpose and how it was processed, and who gets to see it.
Data controllers and processors are required to provide a detailed copy of the actual data with other details in a structured, commonly used and machine-readable form. Data subjects also have the right to data portability, meaning they can transmit their personal data for free to another controller, wherever relevant, in a simple and plain language.
In the event of a data breach that poses a high risk to the rights of data subjects, data controllers are required to notify their supervisory authority and the data subjects about the data breach within 72 hours. The GDPR exempts data controllers from the breach disclosure requirement only if a data breach is unlikely to pose a high risk to data rights. However, they are still required to document the data breach internally, so that they can produce the record whenever their data protection authority (DPA) asks for it.
Extended GDPR Jurisdiction
Extra-territorial GDPR applicability is one of the biggest changes in the new data protection law. Whether your company is established inside or outside the EU, if your business collects and processes data of EU data subjects or monitors them, you have to be GDPR compliant.
Right to Data Erasure and Rectification
EU data subjects can also have their personal data completely erased when withdrawing consent, for reasons such as the data being obtained unlawfully, no longer being relevant or not being used for the original purpose. The GDPR also gives data subjects the right to have their incomplete or inaccurate personal data rectified.
Hefty Penalties for GDPR Compliance Violations
Under the GDPR, any business catering to EU residents will become subject to supersized fines if it fails to show full compliance with the GDPR as of May 25, 2018. A GDPR breach can cost a company up to 4% of its annual global turnover or €20 million, whichever is greater. Hefty penalties for non-compliance are highly likely to deter businesses from ignoring the GDPR requirements.
With the GDPR coming into force, we can assume that data privacy breaches, like the recent Facebook-Cambridge Analytica scandal, will not surface again, at least for the EU now. However, as with every policy, the GDPR is not free of loopholes, which could still help unscrupulous companies to circumvent it. At this moment, we can only hope that the GDPR helps improve data security exactly the way it was intended to and eventually benefits the whole world, not just the EU.
That is the reason why we provide advanced security features in our custom mobile app development and custom web design and development services at Evon Technologies. We use the latest security protocols for data transmission and sharing, and code the solutions using the latest security standards. We follow data privacy compliance and meet all the legal responsibilities to ensure that your confidential information and data are accessed by authorised people only. Do you think that the GDPR has all that was required to stop privacy and data breaches? Do you foresee the GDPR spilling over to other parts of the world in the near future? As always, your views are vital to us, so please get in touch with us.