The GDPR - What Is It About
The General Data Protection Regulation (commonly known as the GDPR) is legislation enacted by the EU that applies to the use of personal data. The GDPR entered into force in May 2018.
What Is the Purpose of the GDPR?
The GDPR is a step forward in ensuring transparency in the handling of data. The regulation applies to any business that processes the data of EU citizens, whether or not it is based in an EU country. It is primarily about protecting individuals' personal details: the aim of the GDPR is to give EU citizens control over their personal data and to change the approach of organizations across the world towards data privacy. To that end, the GDPR enshrines a wide range of existing and new rights for individuals in respect of their personal data, which strengthens individuals' rights to control how their personal data is used.
Which Information Is Personal Data?
Personal data refers to any information from which a natural person can be directly or indirectly identified. It does not matter whether the information relates to an individual in person or in the context of professional or public life.
EXAMPLES OF PERSONAL DATA:
- a name
- a photo
- an email address
- voice or bank details
The GDPR’s Different Requirements to Various Stakeholders
The GDPR has increased and tightened the obligations and requirements that apply when personal data is processed. Organizations have to ensure that they are able to comply with the GDPR. In practice, this means that organizations have to:
WHAT DO ORGANIZATIONS HAVE TO DO IN PRACTICE?
- Take a proactive approach towards the management of personal data
- Understand what data their business processes as well as how and where the data is retained
- Provide transparent information about the processing
- Take data protection into consideration in the business activities
- Ensure appropriate protection measures, taking into account the level of risk the processing may cause for individuals, etc.