GDPR is a regulation that requires businesses to protect the personal data and privacy of citizens in transactions that occur within the member states. GDPR stands for General Data Protection Regulation.
GDPR introduces tougher fines for non-compliance and breaches, and it gives people more say over what companies can do with their data. It also makes data protection rules broadly the same across member states. GDPR was agreed upon by the European Parliament and Council in April 2016. It will replace the Data Protection Directive in spring 2018. Companies that are currently in compliance with the Directive must confirm that they also meet the new requirements of the GDPR before it becomes effective on 25th May 2018; those that fail to achieve GDPR compliance by then will be subject to stiff penalties and fines.
Let us now look at some of the key privacy and data protection requirements of the GDPR:
- The consent of data subjects is required for data processing
- To protect privacy, collected data must be anonymized
- Data breach notifications must be provided
- Transfers of data across borders must be handled safely
- Certain companies are required to appoint a data protection officer to oversee GDPR compliance
The main aim of GDPR is to impose a uniform data security law on all EU members. As a result, each member state no longer has to write its own data protection laws, and the rules are consistent across the entire EU.
It is important to know that any company that markets goods or services to EU citizens, regardless of its location, is subject to the regulation. This means GDPR affects data protection requirements worldwide.
There are 11 chapters and 91 articles in GDPR. Below are some of the chapters and articles that have the greatest potential impact on security operations:
- Articles 17 and 18: These give data subjects more control over personal data that is processed automatically. Data subjects may transfer their personal data between service providers more easily, and they may direct a controller to delete their personal data under certain circumstances.
- Articles 31 and 32: Data breaches play a large role in the GDPR text. Article 31 specifies the requirements for individual data breaches: controllers must notify supervisory authorities (SAs) of a personal data breach within 72 hours of learning of it, and they must provide specific details such as the nature of the breach and the estimated number of data subjects affected.
- Articles 23 and 30: These articles require companies to implement reasonable data protection measures to protect consumers' personal data and privacy against loss or exposure.
- Article 79: This article sets the penalties for GDPR non-compliance, which can be up to 4 percent of the violating company's global annual revenue, depending on the nature of the violation.
There are many GDPR experts who help organizations achieve GDPR compliance more quickly, efficiently and with less hassle.