What is GDPR | Why is it Important and how will it affect you?
GDPR stands for General Data Protection Regulation. The General Data Protection Regulation is a regulation in EU law which standardizes data protection law across all 28 EU countries. It addresses data protection and privacy for all individuals within the European Union and the export of personal data outside the EU.
The EU General Data Protection Regulation (GDPR) has a huge impact on businesses. Under this regulation, all businesses need to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world.
On May 25, 2018, the General Data Protection Regulation (GDPR) will come into effect. Basically, after May 25th, 2018, businesses that are not in compliance with GDPR's requirements can face large fines.
What is GDPR compliance?
Data breaches inevitably happen. Information might get lost, stolen or otherwise released into the hands of people who were never intended to see it, and those people often have malicious intent. Not only will organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from exploitation and misuse, as well as to respect the rights of data owners, or face penalties for not doing so.
GDPR affects every company and applies to any organization operating within the EU, as well as any organizations outside of the EU which offer goods or services to customers or businesses in the EU. That means almost every major organization in the world will need to be ready when GDPR comes into effect. GDPR applies to every business, large and small, around the world (not just in the European Union). If your website has visitors from European Union countries, then this law applies to you.
Under the GDPR, individuals have:
The right to access
Individuals have the right to request access to their personal data and to ask how their data is used by the company after it has been gathered. The organization must provide a copy of the personal data, free of charge and in electronic format if requested.
The right to be forgotten
If individuals are no longer customers, or if they withdraw the consent they gave a company to use their personal data, then they have the right to have their data deleted.
The right to data portability
Individuals have a right to transfer their data from one service provider to another. The transfer must happen in a commonly used and machine-readable format.
The right to be informed
The company must inform individuals before gathering their personal data. Consumers have to opt in for their data to be gathered, and consent must be freely given rather than implied.
The right to have information corrected
Every individual has the right to correct their information. Individuals can have their data updated if it is out of date, incomplete or incorrect.
The right to restrict processing
Any individual has the right to restrict processing. They can request that their data is not used for processing. Their record can remain in place, but not be used.
The right to object
Every individual has the right to object. They can stop the processing of their data for direct marketing. There are no exemptions to this rule, and any processing must stop as soon as the request is received.
The right to be notified
If there has been a data breach which compromises an individual’s personal data, the individual has a right to be informed within 72 hours of first having become aware of the breach.