Posted on February 10th 2017 Security and Technology Consultant
Fueled by the technological advancements of recent years, the volume of data produced, processed and shared worldwide has reached unforeseen proportions. However, these developments haven’t been adequately reflected in the laws that govern data – at least until now.
Introducing major changes to Europe’s privacy laws, a new single data protection act, the General Data Protection Regulation (GDPR), will enter into force on May 25, 2018. The Regulation will replace the outdated Data Protection Directive from 1995 and its local versions, making it the biggest reform of privacy legislation in 20 years.
The reforms were designed to harmonize data protection laws across the EU in a way that effectively protects individuals’ privacy in today’s digital world. The changes it will bring following the 2018 deadline will have implications for businesses of all sizes that handle the personal data of EU residents, regardless of location.
While the Regulation builds on some of the core principles of the current EU data protection regime, the many new concepts it introduces will require clear guidance and often major operational reforms.
This is expected to be the case with the much stricter rules around obtaining and withdrawing individuals’ consent; notification of data breaches; mandatory privacy impact assessments; and the requirement for “privacy by design and by default”, to be achieved by transparent processing as well as the encryption or pseudonymization of personal data.
Companies will be motivated to comply with the new standards by the notably higher fines – reaching up to 4% of annual worldwide turnover from the preceding financial year, or 20 million euros (whichever is the greater) – for serious breaches of GDPR principles.
Apart from affecting businesses, GDPR will also effect change in the lives of individuals, giving them greater control and rights over their personal data. As a result, individuals will be able to use “the right to be forgotten” to request that businesses delete personal data that is no longer necessary or accurate.