A regulation that came into existence in 2018 gives individuals a greater degree of control over the personal data they have shared with social networks and third parties. The GDPR, or General Data Protection Regulation, is widely considered to be the strongest set of data protection and privacy laws in the world.
This regulation now controls how an individual shares private data with a business and places limitations on how businesses may use the data given to them by individuals.
The regulation was created as a framework of laws for data. Its final form was reached in April 2016, after over 4 years of negotiations and discussions by the European Parliament and the European Council, and the final framework of the GDPR came into being in 2018.
This regulation lays the onus on the shoulders of data controllers to show that they are GDPR compliant. It requires businesses and organizations to put in place appropriate technical and organizational measures.
The regulation sets out two separate entities: data controllers and data processors.
A controller is the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State law, the controller may be designated by those laws. A processor is a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
Because the GDPR is an evolution of earlier data and privacy protection laws, it puts into place regulations that are crucial to protecting the privacy of individuals who share their data with businesses.
Below are some of the features of this standard:
- GDPR requires unambiguous consent from the user if the data collected is non-sensitive personal data. For highly personal data, explicit consent must be obtained.
- This standard allows users to obtain and reuse the same data across different businesses and services. This is intended to make it easier for people to switch between services.
- Individuals now have the ‘right to be forgotten’. A user can request the organization to erase all their data in specific circumstances.
- This standard also provides for disclosure of any breaches that occur to an organization’s data. Such breach notifications should be shared with the affected individuals as well as the relevant regulatory and supervisory bodies.
All in all, the core of the GDPR comprises 7 key principles:
- Lawfulness, Fairness & Transparency – All processing undertaken should be lawful, fair and transparent towards the data subject.
- Purpose Limitation – The data is only allowed to be processed for the legitimate purpose stated when the said data was collected.
- Data Minimization – The organization should be collecting only the data necessary for pre-defined purposes.
- Accuracy – Keep all the personal data accurate and up to date.
- Storage Limitation – The data should be stored only for as long as is necessary for the purpose defined by the organization.
- Integrity & Confidentiality – The processing of all the data collected should be done in a fashion that respects and maintains the necessary security, integrity and confidentiality of the data.
- Accountability – Compliance with the GDPR norms is the responsibility of the data controller.
MAJOR STEPS OF GDPR
Step 1. Awareness
Step 2. Information you hold
Step 3. Communicating privacy information
Step 4. Individuals’ rights
Step 5. Preparing for the General Data Protection Regulation (GDPR)
Step 6. Subject access requests
Step 7. Consent
Step 8. Data Breaches
Step 9. Children
Step 10. Data Protection by Design and Data Protection Impact Assessments
Step 11. Data Protection Officers
Step 12. International
This regulation applies to all companies that deal with personally identifiable information (PII) of EU residents, whether they are private, public, or even government organizations.