The GDPR, or General Data Protection Regulation, is a set of rules that gives EU citizens more control over their personal data. Its aim is also to simplify the regulatory environment for businesses so that both citizens and businesses in the EU can make the most of the digital economy. The reforms reflect the world we now live in and bring the laws and obligations regarding personal data, privacy and consent up to date for the internet age. Almost every aspect of our lives revolves around data: social media companies, banks and governments all collect and analyse personal data, and most of your personal information is stored by such organizations.
Data breaches are all but inevitable these days: information gets lost, stolen or ends up in the wrong hands. To comply with the GDPR, companies must ensure that personal data is gathered lawfully and under strict conditions, protect it against all kinds of misuse and exploitation, and respect the rights of the data owners. Failure to comply leads to penalties.
Requirements for General Data Protection Regulation
- Articles 17 & 18
These give data subjects more control over personal data that is processed automatically. The data may be transferred between service providers, and a controller is required to erase personal data under many circumstances.
- Articles 23 & 30
These require companies to implement reasonable data protection measures to protect users’ personal data and privacy against loss or exposure.
- Articles 31 & 32
These set out the requirements for individual data breaches. Controllers must notify the Supervisory Authorities (SAs) of a personal data breach within 3 days of learning of it, specifying its nature and the approximate number of data subjects affected. Article 32 requires data controllers to notify the data subjects as soon as possible when a breach puts their rights and freedoms at high risk.
- Articles 33 & 33a
These require companies to conduct Data Protection Impact Assessments to identify the risks to consumer data and address them.
- Article 35
This requires the appointment of data protection officers in certain companies.
- Articles 36 & 37
These outline the position of the data protection officer and their duties: ensuring GDPR compliance and reporting to the SAs and data subjects.
- Article 45
This extends these requirements to global companies that gather or process the personal data of EU citizens, placing them under the same obligations.
- Article 79
This outlines the penalties for non-compliance with the GDPR.