The EU General Data Protection Regulation, or GDPR for short, is the most important change in data privacy within EU territories. Data privacy has been a hot topic lately, with the Cambridge Analytica data breach of Facebook users coming into the limelight, which forced the founder of Facebook, Mark Zuckerberg, to appear in two separate Congressional hearings to explain the situation.
All establishments coming under the jurisdiction of the European Union must implement and conform to GDPR before 25th of May 2018. Failing to do so may result in a penalty of 4% of annual global turnover or €20 Million (whichever is greater). Some key takeaways of this regulation are as follows:
- Territorial Scope changes - All companies, regardless of their geographical location, will and should come under GDPR if they are processing any personal data of data subjects residing in the jurisdiction of the EU. This was not the case earlier, when non-EU based companies could have their own regulations for data privacy.
- Notification of Data Breach - Companies must notify the affected parties in case of a data breach within 72 hours of initial awareness of the data breach.
- Right to Access - Data subjects should have the right to know whether their personal data is being processed and, if so, where and for what purpose. Furthermore, data subjects have the right to request a copy of their personal data being used, in electronic format, free of charge.
- Right to be Forgotten - Also known as data erasure, where a data subject can request that a company or any third party cease processing and delete their data.
- Data Portability - Data subjects must have the right to request the personal data concerning them, which they have previously provided, in a 'commonly used and machine readable format' and have the right to transmit that data.
- Privacy by Design - With GDPR, companies must treat privacy of data not as an afterthought but as a core requirement while designing their systems. This includes any and all measures to safeguard the personal data of data subjects.