What is GDPR? Explanation, examples, requirements
The GDPR, or General Data Protection Regulation, is a set of new legal requirements. Its main idea is to enhance the data security of European customers. Although it mainly affects everyone operating within the EU, these regulations are also very important for non-Europeans.
What is GDPR?
Being a bit more specific, this set of laws requires that businesses collect, use, and keep the data of their customers according to the newly created standards. Additionally, people get an opportunity to manage the information companies hold about them. Users now have the ability to find out what specific data is stored, request that it be deleted, and so on.
In addition to the general requirements, companies are also supposed to provide detailed explanations regarding the ways they store, gather, and use your data. Users must be able to easily understand these processes.
While Great Britain is no longer a member of the EU, it still has similar rules inside the country. The set of laws does not cover the American market. Nevertheless, it is best for everyone who is not part of the EU to comply with these requirements as well. This brings many benefits to businesses.
Example
Imagine a situation where you buy a jacket over the internet.
After visiting the vendor’s website, you start getting targeted advertisements for jackets and everything of the kind. As stated in the GDPR, you can freely ask the advertiser to remove your data and stop showing you these ads.
Does the GDPR work only in the EU?
Although it is required that companies comply with this set of laws in the European Union, they may decide to give the same rights to people from other countries as well. It would be quite unreasonable for them to have two different policies for the EU & everyone else.
Some companies, like Microsoft, have decided to provide the same rights and policies for all their users. However, companies like Facebook change the privacy settings globally but do not give everyone the same rights in managing their data.
What about data breaches?
Since the regulation came into force, companies are required to notify the European authorities within 72 hours after a data breach occurs. If there could be any serious consequences, the affected users must be notified as well.
It is expected that the new legislation will change the way most businesses perform their daily routine and provide additional protection to regular users. Your information is now protected.
Is my company affected by the GDPR?
As long as you operate inside the EU or handle the data of customers from there, you are required to do everything the new legislation demands. Otherwise, you might have to pay a fine for violating any of the rules mentioned above.
What can a regular user do?
First of all, reading the new rules and requirements is highly recommended. A separate list of rights exists, and it covers everything a regular user can do.
For instance, you have a right to find out which data is gathered about you and your activity, ask the firm to stop using or delete this data, and file complaints in case of data leakage. Basically, everything is supposed to become quite transparent and understandable.
Although all these options might sound pretty simple, they are, in fact, very difficult for companies to implement. While there were several years to prepare for the GDPR, businesses still struggle to follow the rules.
Currently, the most reasonable thing you can do is ask for the information that is already stored about you. Most companies are already capable of providing this sort of data. However, there might be some trouble with the other features.
7 basic principles of the GDPR
For better understanding, we put together the following list of the 7 basic principles of the new law. These should help you understand the meaning and importance of the regulations.
- Transparency and compliance with the requirements of the law.
- Information may only be gathered for reasonable purposes allowed by the law.
- Only the bare minimum may be gathered – companies cannot store more information than needed.
- Data must be accurate, and all inaccuracies should be removed.
- Limited storage.
- Users may be identifiable only for the necessary processing steps; afterward, the data should be made unidentifiable.
- Any leakage is the direct responsibility of the company.
Now you know the basic principles of the GDPR. All companies that work within the European Union are obliged to comply with the set of laws and ensure that data privacy is not neglected.
What companies are impacted by the GDPR?
Although we have already mentioned that the new laws apply to all companies working within the EU, there is still an official list that states which businesses are covered by them.
- Companies with a presence in the EU.
- Businesses without a presence in the EU but which work with the information of European residents.
- Firms with over 250 employees.
- Companies with fewer than 250 employees that process data which includes private information.
So, basically, this covers almost everyone working online.
GDPR fines
The GDPR clearly defines two fine tiers.
The penalty applied is determined by how serious the violation is.
- Tier 1: up to 10 million Euros or 2% of annual revenue, whichever sum is greater.
- Tier 2: up to 20 million Euros or 4% of annual revenue, whichever sum is greater.
If you want to read more about which violations could result in each of these two fines, visit the official GDPR website for additional information.
Other criteria for determining the fine amount
Apart from the articles violated, there are also several other factors that determine the amount of the potential fine.
- General information
This point covers a situation from a broad view including what happened, why it happened, who was affected by the issue, and other details.
- Intention
In this case, the commission checks whether the violation was intentional or accidental. Please note that neither option is good.
- Damage reduction
If your company tries to reduce the damage and succeeds, such actions count toward lowering the fine.
- Preparations for the situation
Authorities analyze whether the firm used the technologies required by the new regulations.
- Previous violations
Any previous violation related to the issue at hand is taken into account.
- Cooperation
If the company cooperates with the authorities, the fine will be reduced.
- Sensitive data
Issues with sensitive data are considered much more serious.
- User notification
When a breach takes place, the firm is responsible for notifying all its users about it.
- Codes of conduct
If the firm was previously certified or followed approved codes of conduct, this will affect the penalty.
- Additional factors
These include financial losses and any other similar consequences that might have occurred.
The best advice we can give is to make sure your infrastructure is secure so that no breaches occur.
The bottom line
So, we have covered the meaning and importance of the GDPR, including its penalties, principles, and other features. Any violation is very serious for your company because the fines are huge. Keep your data safe!