A comprehensive data protection law known as the General Data Protection Regulation (GDPR) went into force in the European Union (EU) and the European Economic Area (EEA) on May 25, 2018. In order to standardize data protection laws among EU and EEA member states, the GDPR repealed the Data Protection Directive of 1995.
The GDPR outlines both the obligations of data controllers and processors who gather, store, and use personal data and the rights of individuals with regard to that data. According to the regulation, personal data includes any details that can be used to identify a specific person, including name, address, email, identity number, geographical information, and online identifiers.
A number of rights are granted to people by the GDPR, including the right to access their personal data, the right to have it updated, the right to object to the processing of their data, the right to have it erased, and the right to data portability. The GDPR also mandates that data processors and controllers put in place organizational and technical safeguards to ensure the security of personal data.
Significant fines and reputational harm may arise from non-compliance with the GDPR. The rule gives national data protection agencies the authority to implement the law. Penalties for breaking the law can be as high as 4% of a company's annual global revenue or €20 million, whichever is higher.