GDPR is being put in place to tighten data protection regulations and safeguard personal data in the modern era of technology. Although the key principles of data privacy remain the same as in the previous policy, which was set in 1995, there are many changes, and the fines for not adhering to these rules are massive.
Arguably, one of the biggest changes is the regulation's extended jurisdiction. Previously, the regulation only applied to companies based in the EU. Under the GDPR, however, it applies to any company processing the personal data of data subjects residing in the EU, regardless of where the company is based. Non-EU businesses processing the data of EU citizens must now also appoint an EU representative.
Under the new GDPR, fines will be much higher than they currently are. For example, the maximum fine you can receive is up to 4% of annual turnover or €20 million (whichever is greater). This fine is, of course, for the most serious of infringements. There is a tiered approach to fines, which vary based on the level of infringement.
Furthermore, the request for consent to use data can no longer be a long, illegible list of terms and conditions full of legal talk. The request must be given in an easily accessible form that is easily understood, and it must be clear and distinguishable as to what the data will be used for. It must be as easy to withdraw consent as it is to give it.
Companies holding this data must notify their customers of any data breach within 72 hours of first becoming aware of the breach. They must also provide the customer, if requested, with confirmation as to whether or not personal data concerning them is being processed, where, and for what purpose. They must also provide a copy of the personal data in an electronic format.
In summary, GDPR is being put in place to ensure personal data is kept secure and only used in circumstances that the customer has consented to. It will ensure companies adhere to these regulations, and companies must have everything in place by the time the regulation takes effect. Companies have until May 2018, when the regulation comes into place, to ensure that the extensive list of new regulations is followed.