GDPR Summary Part 1: Breaking Down the New EU Data Protection Rules

GDPR: New EU Data Protection

This is Part 1 of a series of articles about how the General Data Protection Regulation affects corporate innovation. In this first article we’ll break down what the GDPR is and what makes it the most impactful data privacy regulation to be approved in the last twenty years.

Six years after the General Data Protection Regulation (GDPR) discussions began, the law will automatically go into effect on May 25th, 2018. The main goal of this European Union regulation is to give more power to individual EU citizens when it comes to protecting their data.

While the law was passed by the European body, its regulations apply to all companies processing the personal data of people who live in the EU — regardless of where the company is located.

Therefore, it’s crucial for all companies with European users to understand how to comply with the GDPR, the scope of the regulation and the silver lining that comes along with it.

Understanding the General Data Protection Regulation

The GDPR is replacing the previous Data Protection Directive as a direct response to the growth of innovation and technological changes worldwide. With this regulation, the European Union aims to strengthen citizens’ rights to control how their personal data and information is used.

Under the GDPR, the definition of personal data has been redefined and broadened to include anything that can be used to identify an individual. As a result, almost every piece of information about a person will be categorized as personal data, and will therefore be protected.

Free Ebook: Stay Innovative
While Complying with the GDPR

 

The regulation furthermore defines how companies need to obtain consent from users, enacts a seventy-two hour limit on notifying supervising authorities of a data breach, establishes how personal data can be deleted, clarifies how information can be transmitted across borders and more. This includes requiring companies to explain to users how and where their personal information will be used and what information will be collected in “clear and plain language.”

Beyond categorizing the ways in which data can be used, the GDPR outlines the fine companies may be subject to if found to be non-compliant.

For non-compliance due to technical measures, a company can be fined either €10,000 or 2% of global revenue from the previous year — whichever is greater. For non-compliance with key measures in the GDPR, the potential fine jumps to the greater between €20,000 or 2% of global revenue.

Bottom line, non-compliance is expensive so make sure you cross your t’s and dot your i’s! Click To Tweet

What Type of Companies The GDPR Will Impact and How

While many might be wondering ‘how will the GDPR impact me?’ or whether the GDPR will impact their specific industry, the quick rule of thumb to remember is that the GDPR will impact every business in every industry across the world.

Companies whose operational base is outside of Europe are not exempt from the regulation, despite what many have assumed. Since the purpose of the law is to protect European citizens, the location of the company does not matter and companies with U.S or other international locations must still comply with the GDPR if they target EU audiences.

The enforcement of the new regulation will also bring with it a new demand for Data Protection Officers (DPO’s) – something companies must have in place by the enforcement date of May 25th, 2018.

Companies with more than 250 employees will be required to hire a DPO. According to estimates, that will add up to 28,000 DPOs being appointed worldwide to ensure GDPR compliance. Companies with less than 250 employees will still need to comply with the GDPR, but they will not be obligated to hire a dedicated data protection officer in order to do so.

The Silver Lining of the GDPR: Increased Innovation

While the enforcement date of the GDPR may be daunting, there is a silver lining in terms of the innovation the regulation will spawn and the collaborations it will breed.

To ensure compliance within the short amount of time left, many companies are seeking collaborations with startups to provide the solution (and many are finding them on prooV).

New technologies will have to be created in order to ensure that the new regulations are enforced while posing minimal impact on the end user, and new technological developments in the form of smarter algorithms will have to be created. The enforcement of the GDPR will also bring with it the need to improve security features since companies will be mandated to report breaches and increase security when transferring information.

In A Nutshell: What You Need To Know About The GDPR

Overall, the enforcement of the GDPR will have a strong impact on companies, but it is not one to be afraid of.

If companies prepare in advance for the implementation of the regulation and work with startups and other enterprises to ensure they are prepared, the outcome will be a stronger and better informed customer base.

As the GDPR enforcement date comes closer, we will begin examining the impact on certain industries and see whose operations will have to change the most drastically in the months to come, so stay tuned!

Next up: GDPR Summary Part 2: How the GDPR Will Impact the Financial Industry

About the author