Onetotech.com – What is GDPR or General Data Protection Regulation? Probably most readers of this paper do not know what is GDPR. Here is a brief explanation of GDPR which will come into effect on May 25, 2018.
GDPR or General Data Protection Regulation is a regulation on Data Privacy applied to all companies in the world. Rules for companies that store, process or process personal data of EU residents.
The goal of GDPR is to provide better protection of data privacy in today’s digital economy. The form of protection is to provide more flexibility for the individual to the data. Provide stricter rules to those who manage or store your data.
The GDPR or General Data Protection Regulation will be effective on 25 May 2018 worldwide.
Example where companies should submit to GDPR or General Data Protection Regulation
- The airline / Hotel that stores EU passenger information data
- E-Commerce site that stores EU customers’ data, addresses and transactions.
- The seller of a vehicle or property in which some of its customers are residents of the EU.
Based on IDC Report, GDPR or General Data Protection Regulation provides various impacts to all companies that process personal data of EU residents. Of all the impacts there are 4 main effects. Here are the details:
Fine EUR 20 Mio or 4% Global Revenue
The penalty for GDPR is so serious that it shows that compliance with GDPR is as obedient to anti-bribery or money laundering rules. Because the problem of privacy data is not an IT problem alone.
Mandatory Notification of Breach
The requirement of any organization notifying the authorities within 72 hours of finding breach data and must inform which data is affected.
This rule applies not only to the EEA but to all companies in the world that hold personal EU population data.
Prohibition of data processing activities
If a company is found to be infringing, the regulator shall be entitled to prohibit the company from processing personal data of both customers and employees.
Judging from the 4 main effects above, GDPR or General Data Protection Regulation is a serious law which forces companies to re-design people, process and technology and continuously educate all employees about this rule.