Back in April of 2016, the EU (European Union) passed the GDPR (General Data Protection Regulation) which is set to become one of the greatest pieces of legislation to affect data privacy in the last 20 years and will take affect on May 25th, 2018. The act will replace the Data Protection Directive and will be set on enforcing data privacy laws, protecting the data of all EU citizens and will reshape the way organizations approach data privacy. In this post we will highlight some key changes that this act enforces and how they will affect your internet usage going forward.
Increased Territorial Scope
The act gives the GDPR extended jurisdiction to cover any organization that processes data for EU citizens if they operate within the EU or not. This extended jurisdiction will allow the EU to closely watch processors and controllers who sell goods and services to EU citizens and their behaviour on the web. This extended look will help protect citizens from data breaches and secure data for all that use the internet within the EU.
The GDPR will enforce companies to notify all member states when a data breach occurs within a 72 hour period of first noticing it. They will also be required to notify their customers and controllers of the breach if there is a risk of “rights and freedoms and individuals”.
Rights to Access
Data subjects will now have the opportunity to request information on whether their personal data is being is being processed. This information will be free to obtain and all controllers will have to send an electronic copy containing the personal data to the user requesting the information.
Data Protection Officers
The current method for controllers to inform their DPA’s can be a hassle as different nations have different requirements for the process, which means that notifications can take forever through the bureaucratic process. Under the GDPR, data protection officers will be appointed to processors and controllers so these notifications can be done internally and avoid the long process of sending forms individually. Regulations have been put in place for the controllers on who can be hired or appointed to this position within their company so people most qualified can receive the position.
If you would like to learn more about the GDPR regarding its history, process, or more changes, click here. The GDPR will go into effect on May 25th, 2018.