What is GDPR? Everything you need to know

GDPR stands for General Data Protection Regulation. It is a set of data protection rules, widely described as the world's strongest, set out by the European Union to make Europe 'fit for the digital age'.

The law came into effect on May 25, 2018. Personal data, in the GDPR's sense, means any information that can directly or indirectly identify an individual. Too many brands have exploited such data and created bad experiences for their customers.

The EU says the GDPR is intended to "harmonise" data privacy laws across all of its member states while giving individuals greater protection and stronger rights. It also changes how businesses and other organizations may handle the data of the people who interact with them. It replaced the earlier Data Protection Directive (95/46/EC).

The sheer volume of data that brands collect from consumers across different channels raises the risk of that data falling into the wrong hands. The GDPR is meant to protect customers and give them a say in how their data is used.

At the core of the GDPR are seven key principles: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); and accountability. Under the accountability principle, data controllers must implement appropriate technical and organisational measures to ensure, and be able to demonstrate, that processing is carried out in accordance with the GDPR.

This includes reviewing those measures regularly and updating them where necessary.

All organisations that process the personal data of individuals in the EU must comply with the GDPR. This covers organisations established in the EU as well as those with no EU presence that offer goods or services to, or monitor the behaviour of, people in the EU. Note that the test is where the data subjects are located, not their citizenship.

Within companies, those responsible for data are probably wondering what measures they need to put in place to comply with the GDPR principles. Organizations should recognise that the GDPR brings bigger fines for internal failings, but also real benefits from getting data protection right.

If organizations fail to comply with the GDPR, the relevant supervisory authority (in the UK, the Information Commissioner's Office, or ICO) can issue fines of up to €20 million or 4% of total worldwide annual turnover, whichever is higher. A lower tier of fines, up to €10 million or 2% of total worldwide annual turnover, applies to failures such as not putting adequate security measures in place or not reporting breaches.