The General Data Protection Regulation (GDPR) is a new regulation enforced by the EU.
It aims to strengthen data protection for EU residents and anyone who uses EU services.
The GDPR replaces the data protection directive from 1995 and will come into effect on the 25th May 2018.
Any person or organisation who possesses or collects personal data is required to comply with these new regulations. This includes organisations who run apps or websites, or who use internal databases or email.
A significant part of this regulation is transparency: ensuring data subjects are informed about how their personal data is being used, the amount of time it will be used for and how long it will be stored. Data subjects must also be informed about who to contact with regard to the data holder's processing actions.
Data holders must have explicit consent from the data subject before data is processed, and the data must only be processed for the purpose for which the consent was given.
For example, if someone were to contact you with an enquiry, that does not give you permission to add their information to your contact list.
The data processor must also have verifiable consent from a minor's parent/guardian before the minor's data is used. A data subject may withdraw their consent at any time; this covers all backups, references etc.
By default, privacy settings must be set to their maximum level, and an option should be given to downgrade them if users choose to.
The GDPR requires data processors to report any data breach within 72 hours. The maximum sanction for a data breach under GDPR is 20,000,000 Euro or up to 4% of your annual worldwide turnover (whichever figure is greater).
GDPR comes into effect whilst the UK is still in the EU, so it is still necessary for data processors to take GDPR seriously. In addition to this, the UK will adopt all EU legislation following Brexit; EU laws will be rewritten to fall in line with Britain's new position outside of the EU. If your services are accessed by EU citizens or residents, you will need to comply with GDPR.
The GDPR may seem intimidating, especially with those heavy fines hanging over data processors' heads; however, GDPR is all about protecting people like you and me. The internet is highly unregulated and is in need of a higher level of international legislation.