The General Data Protection Regulation (GDPR) has the purpose of protecting persons from the consequences of incorrect processing of their personal data while allowing the free movement of such data. GDPR is a model act protecting personal data, applicable since the 25th of May 2018 in all EU and EEA areas.
GDPR replaced the previous legislation, the Data Protection Directive (DPD), which was enacted in 1995. The DPD was a European Union directive regulating the processing of personal data within the EU and the free movement of such data. The directive was therefore a component of EU privacy and human rights law.
The European Union considered it a person's fundamental right to have their own personal data protected, and with this act the EU wanted to establish an area of freedom, security, and justice for all.
This regulatory instrument is used as a model for national laws worldwide, ranging from the UK and Turkey to Japan and South Korea. It applies to any organisation within the EU and EEA area, and to any organisation outside the EU and EEA area that offers services to customers or businesses within the EU and EEA area. Additionally, if you monitor the behaviour of people within the EU and EEA areas, you also have to comply with GDPR legislation.
The GDPR act lies upon 7 main principles, which are outlined in Article 5. This means that if you process personal data, you should do so according to the following seven principles:
Hence, processing must be lawful, fair and transparent to the data subject. You must process data only for the legitimate purposes explicitly specified to the data subject when you collected it. You should collect and process only as much data as is absolutely necessary for the purposes specified, and nothing more. Additionally, you must keep personal data accurate and up to date.
You may only store personal data for as long as necessary for the specified purpose. Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption), and the data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.
GDPR legislation uses several important phrases that are defined below to aid understanding:
GDPR is one of the toughest privacy and security laws in the world. As stated before, everyone who works within the EU and EEA areas, or works with clients in those areas, has to honour the GDPR legislation.
If, for some reason, there is a breach of this regulation, there are several consequences. These include the following:
For example, since the GDPR came into force, several of the biggest companies in the world have been fined. H&M was fined €35 million for monitoring several hundred employees. WhatsApp was fined €225 million because, according to GDPR, it had not been transparent enough about how it handled information. Amazon's fine is the biggest so far, with a total of €746 million, and it is related to cookie consent. Of course, companies can appeal these fines, and they can be reduced.