What is GDPR, actually?
The law is a replacement for the 1995 Data Protection Directive, which has until now set the minimum standards for processing data in the EU. GDPR will significantly strengthen a number of rights: individuals will find themselves with more power to demand companies reveal or delete the personal data they hold; regulators will be able to work in concert across the EU for the first time, rather than having to launch separate actions in each jurisdiction; and their enforcement actions will have real teeth, with the maximum fine now reaching the higher of €20m (£17.5m) or 4% of the company’s global turnover.
Who is covered?
GDPR affects every company, but the hardest hit will be those that hold and process large amounts of consumer data: technology firms, marketers, and the data brokers who connect them.
Even complying with the basic requirements for data access and deletion presents a large burden for some companies, which may not previously have had tools for collating all the data they hold on an individual.
But the largest impact will be on firms whose business models rely on acquiring and exploiting consumer data at scale. If companies rely on consent to process data, that consent now has to be explicit and informed – and renewed if the use changes.
Impact of GDPR?
Even without user pressure, the new powers given to information commissioners across the EU should result in data processors being more cautious about using old data for radically new purposes.
Counterintuitively, though, it could also serve to entrench the dominant players. A new startup may find it hard to persuade users to consent to wide-ranging data harvesting, but if a company such as Facebook offers a take-it-or-leave-it deal, it could rapidly gain consent from millions of users.
Key Terminology –
- What is a Data Controller? The person/company/associated entity that determines the purposes for which and the manner in which any personal data are, or are to be, processed, including the applicable security measures.
- What is a Data Processor? The person/company/associated entity which processes personal data on behalf of the controller. If an organization holds or processes personal data but does not exercise responsibility for or control over the personal data, then this organization is a “processor”.
- What is a Data Privacy Officer? The DPO is the role in an organization with responsibility for overseeing data privacy compliance and managing data protection risks for the organization.
- What is a Data Subject? The person that personal data relates to.
- What is a Supervising Authority? An independent public authority which is established by Member States to enforce legislation locally.
Key Highlights –
- Data Protection Officer (DPO): A DPO is required for “government bodies” and organizations conducting mass surveillance or mass processing of Special Categories of data.
- Data Processors (DP): Data Processors (DP) and Data Controllers must conduct due diligence into processors' suitability.
- Breach Notification: Requirement to report privacy breaches to the regulator within 72 hours.
- Inventory: Generally, organizations will need a personal information inventory.
To read more, visit: https://ico.org.uk