What is GDPR – General Data Protection Regulation?

GDPR AKA General Data Protection Regulation- these four words are freaking out almost everyone nowadays. Companies like Facebook, Whatsapp, Instagram and even Google are facing charges for not complying with this European Union legislation.

What is GDPR?

General Data Protection Regulation(GDPR) is a data protection and privacy legislation applicable to all the citizens of the European Union(EU) and members of the European Economic Area(EEA). EU adopted this regulation in the 14th of April, 2016 superseding the previous Data Protection Directive and implemented on the 25th of May, 2018. This aims to give control to citizens and residents of EU of their personal data collected by companies not only which are located within the European Union region but also which are doing business within the European Economic Area.

What is Personal Data?

This is a broadly defined topic. But generally, it means Personally Identifiable Information(PII)  or Sensitive Personal Information(SPI) those can be used to identify an individual. These can be any name, IP address, any kind of ID number, date of birth, biometric records and educational certificates etc.

What are the Individual’s Rights Under GDPR?

Who Get Affected by GDPR?

Every company residing within the European Union(EU) or doing business inside the European Economic Area(EEA) gets affected by this legislation. The European companies who export consumers’ personal data outside EU and EEA areas also belong to this category.

What are the Focus Points of this Regulation?

• This regulation aims to strengthen the consumers’ rights over sharing their personal data. The focus points are-
• Companies can’t get consumers’ consent by providing ill-defined statement.
• Consent for every single thing will have to be taken individually.
• Consumer mustn’t go through much hustle to withdraw their consent.
• Consent for children(usually less than 16 years old) must be given by any parental figure.
• Individuals have to be notified of any unfortunate data breaches without any undue delay.

What are the Consequences of Breaking the Law?

In 2016, after the rule being adopted, companies were given two years to be prepared for this regulation. Now after the rule being implemented, if any company is found to be violating the rules, they can be fined up to 4 percent of their annual income or 20 million euros which is equivalent to 24.6 million USD.