Beginning May 25, 2018, the General Data Protection Regulation (GDPR) will go into effect across Europe. The European Commission has created this regulation to strengthen the protection of European citizens’ personal information by implementing new rules and providing European citizens specific rights.
What Is The General Data Protection Regulation?
In 1995, the EU came out with a Data Protection Directive. However, the world has changed greatly since then. In order to keep up with changing and advancing technology, the EU has revamped their privacy regulations to keep up with how the world is currently operating.
The General Data Protection Regulation is a data protection law designed to impose strict new rules on processing and controlling personally identifiable information (PII) across all 28 European Union (EU) countries.
According to the GDPR, personal data can be defined as:
- An Email Address
- Bank Account Details
- Social Networking Updates
- Location Information
- Medical Information
- Computer IP Address
- And Any Other Information Related to a Specific Person
Who Does The General Data Protection Regulation Affect?
Whether an organization collects, records, organizes, structures, or stores PII, the GDPR applies to it. Any organization that handles European citizens' personal data, including organizations based outside of the EU, must follow this new regulation or risk facing substantial administrative fines.
European Union Citizens' Rights:
As indicated by the new General Data Protection Regulation, individuals have specific rights and protections regarding how their personal information is handled and used by an organization.
EU citizens are entitled to:
- A copy of their information that an organization has
- Justification of why an organization has their information
- An estimated length of time an organization may keep their information
- Personal information corrections
- Request companies to delete their information
- And much more
Protecting Your Company
According to the General Data Protection Regulation, organizations should keep minimal data, maintain accurate information, secure information properly, and only keep it for as long as necessary.
Ensure your company is in compliance with the GDPR by:
- Locating Stored Information
- Deleting Unnecessary Information
- Performing Data Protection and Privacy Impact Assessments
- Creating Formal Records of Processing
- Drafting and Testing an Incident Response Plan
The GDPR is one of the strictest security regulations and is covered on this page because if you do business with anyone in the EU and surrounding areas, these rules apply to you.
To prepare for the General Data Protection Regulation, companies should begin by determining whether this new regulation applies to them. If so, following the recommendations above and conducting further research are necessary to ensure complete compliance with the GDPR.