What is GDPR and Where is it Applicable?

Some even call it a “milestone of the digital age” GDPR is General Data Protection Regulation and it will be enforced amongst the 28 European Union (EU) members including UK (Brexit).

It’s 88 pages and 50,000 words long, it’s one big new data protection regulation as of May 2018 for not only just EU but also for anyone regardless of where you or your company is based- US, Germany, Japan, China wherever- GDPR applies to anyone who offers products or services to or of consumers in Europe and takes effect on May 2018.

It creates rules for all European Residents’ data and how it must be handled.

Effective Date & Deadline for GDPR

GDPR was adopted on 27 April 2016 but will come into force from 25 May 2018, after a two-year transition period.

It was kind of already there by 2016, which also gave plenty of time for all the organizations to prepare their companies to comply with its laws and Regulations.

EU accounts for about 25% of Global GDP, so it’s not something you should ignore.

That means you can’t ignore or assume what your users want.
Ask only for the information that you are going to use like if don’t actually need to know what is their company then don’t ask for it. And if you are, then be really clear about what you’ll use it for.
Make sure you explain every stuff in your terms and conditions and privacy policy and in a way that they will have an option to everything.
Make everything very clear. Regulators in charge of GDPR compliance love transparency. So, putting all the stuff out in the open is one of the simplest ways to protect yourself from the fines in case of incompliance.
Don’t do sly/sneaky stuff. If you are honest, transparent, and doing what you say you do then you probably won’t have regulators with their huge fines knocking on your door.

Effects if found GDPR Incompliant:

GDPR is going to introduce much stricter data protection laws. Hence, give citizens much more control over how organizations use their personal data with tougher fines against firms. Especially those who were found breaching the rules. As a result, including fines of up to 4% of their annual turnover or 20 million euros whichever is greater.

We think one of the issues is the fact that we are only 30 days away and plenty of organizations are very far away from actually achieving compliance.

What are the GDPR Requirements?

GDPR can mean a whole load of Personal elements, which deals with both personal and sensitive personal data.

So, in brief, it includes anything that concerns a particular person, directly or indirectly -a name, -photo, -Birth Info, -an identification number, -location data, -Health, -mental, -physiological, -genetic, -hair color, basically any character traits, – IP address, -work, -political opinions, -economic, -cultural or -social identity or any other sensitive data of that person.” One alone or the combination of any 2 or more of these types of elements without their consent may lead to incompliance of GDPR.

Easy or just another chaos?

The ICO published a 12 steps program of guidelines, but the companies are finding it a little bit ambiguous. Certain industries still think that the guidelines do not apply to them. Or, they also feel like it is fundamentally flawed and GDP regulations seem are for companies like Facebook and Google; the big data processors.

There are many others who think this is far too bully. As ICO’s aren’t updating them enough to provide them with enough guidance.

What you could easily do:

Identify how much personal/General data your organization holds.
To carry out a compliance program.
Take compliant actions to tangible business advantage.

Aren’t there data protection laws already in effect?

Yes, there are data protection laws already in place. Indeed, some countries, already have laws like the Data Protection Act of 1998.

Many of the new regulations in the GDPR are present in this old regulation. However, there are also some minor changes, and some European countries have more outdated data protection regulations. Moreover, this is due to the fact that the data is being used by more and more organizations, especially with Globalization and digitalization.

Also, it may lead to the dismay of that individual, for using too much or they are unaware of it. They are more precise and stricter this time with the rules and penalties. As, according to the analysis, Last year’s ICO fines would be 79 times higher under GDPR.

By now, it should that even if GDPR seems a bit old School they do not mean to shut down any business. So, when it comes to the EU, they simply want the citizens to be aware of where their information is, how it’s being used and how they can always change and be in control of it.

Data privacy has been kind of a big deal in Europe for ages. And thus, this new regulation for European companies and Citizens.

Hence, if you are using any EU Individual’s Data, then ask for GDPR. Also, let them know where that info is going.