What does GDPR stand for?
General Data Protection Regulation.
How did we get here?
The European Commission set out plans for data protection reform in January 2012, with the mission of making Europe ‘fit for the digital age’. It took almost four years for an agreement to be reached on what was involved and how it would be enforced.
The biggest component of the new data protection reforms is the General Data Protection Regulation (GDPR). This European Union-wide framework applies to organisations in every member state and will affect businesses and individuals not only across Europe but globally, because if a company touches the personal data of someone residing within the EU, then GDPR applies, even if that company is based outside of Europe.
In December 2015, when the reforms were agreed, Andrus Ansip, vice-president for the Digital Single Market, said “The digital future of Europe can only be built on trust. With solid common standards for data protection, people can be sure they are in control of their personal information”.
So, what is GDPR?
GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify regulations so citizens and businesses in the EU can get maximum benefit from the ‘digital economy’.
Many of the laws and obligations surrounding personal data, privacy and consent were outdated. The latest reforms are designed for the internet-connected world we live in today, where nearly every aspect of our lives revolves around the collection and analysis of our personal data. Today’s world is one where governments, banks, social media networks and mobile apps record what we buy, what we read, where we go and what we eat, and this ‘data’ and more is willingly pushed into the public domain by almost 3 billion people worldwide.
What is a Data Controller?
A Data Controller is a “person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data”.
What is a Data Processor?
A Data Processor is a “person, public authority, agency or other body which processes personal data on behalf of the data controller”.
Data Controllers will also be made to ensure that all contracts with data processors are compliant with GDPR.
So, what is GDPR compliance?
It is widely accepted that data breaches happen, and they are frighteningly commonplace. There are many ways our personal data can be made available to people who have malicious intent and were never supposed to have access to it.
Under GDPR, organisations will have to ensure that personal data is gathered under strict legal conditions, and those who collect and manage it will be obliged to protect it or face serious penalties and hefty fines.
There is no escaping the fact that, wherever they are physically located, ‘all organisations’ dealing with EU citizens (and UK citizens post-Brexit) will need to ensure they’ve carried out all the necessary impact assessments and are GDPR compliant by the deadline of May 25th 2018. Are you ready?