If you own a business, chances are you have recently come across GDPR, the European Union’s General Data Protection Regulation, which has been in force since 25 May this year.
The purpose of the GDPR is to unify all EU member states’ approaches to data regulation, ensuring all data protection laws are applied consistently in every country within the EU. In the following article, we explore what the GDPR is and what it might mean for your business.
What is GDPR?
The GDPR is an initiative introduced by the EU to enforce data protection laws across the EU. Work on it began in January 2012, when the European Commission started looking into data regulation reform across the EU in order to make the EU “fit for the digital age.” After four years of preparation and debate, the GDPR was approved by the European Parliament in April 2016 and comes into force this year.
Since almost everything we do relies on data in some way or another – from social media companies, to banks, retailers, and governments – the GDPR seeks to keep up with our way of life by enforcing a set of rules to give EU citizens more control over their own personal data. It aims to simplify the regulatory environment for business so that both citizens and businesses in the EU nations can fully benefit from the digital economy.
Complying with the GDPR
As a business owner, it is important that you stay up to date with any data regulations that might affect you and your customers. Under the GDPR, you must ensure that any of your clients’ personal data is gathered legally and under strict conditions, and that those who collect and manage it protect it from misuse and exploitation and respect the rights of data owners – or face penalties for not doing so.
Part of complying with these regulations is understanding what exactly constitutes “personal data”; the types of data considered personal under the existing legislation include name, address, and photos. The GDPR extends the definition of personal data so that something like an IP address can also be considered personal data. It also covers sensitive personal data, such as genetic data and biometric data that could be processed to uniquely identify an individual.
Businesses can be fined for failing to comply with the GDPR, so it is vital that business owners ensure they are complying. Under the GDPR legislation, any business not adhering to the rules could face fines of up to €20 million or 4% of the company’s global annual turnover, though the toughest fines will be reserved for the worst data breaches or data abuse.
Who does the GDPR apply to?
The GDPR will essentially apply to almost every major corporation in the world: any organisation operating within the EU, as well as any organisation outside the EU that holds data on EU customers, is obliged to comply.