On May 25th 2018, Europe’s long awaited GDPR goes into effect, bringing outdated digital data regulation into the modern era at high speeds. GDPR replaces archaic previous regulation in Europe, which operated under a directive established in 1995.
But what does that mean, exactly? We’ll explore what the General Data Protection Regulation is, how it works, and what it aims to achieve.
GDPR was designed to give individuals (specifically, EU residents) better ability to control and regulate personal data on the Internet. It’s a regulation that also enables EU citizens to access and request deletion of their personal data.
What is personal data?
Personal data is defined by any information that relates to an individual and allows that individual to be identified – whether directly or indirectly.
This includes online identifiers and markers, such as cookies and IP addresses, if they have the ability to link the data back to the person to whom the cookie or IP address belongs.
How does GDPR affect personal data?
Additionally, GDPR grants rights for individuals to access their own personal information which companies have collected and stored. Not only can individuals access this personal information; GDPR also grants rights to requests for deletion and/or removal, with a time-sensitive window in which corporations are obligated to comply or face serious financial penalties.
As such, global corporations are now obligated to operate with better data management practices, or face hefty fines for violations, regardless of whether the corporation is based in the EU.
This regulation will affect all individuals, corporations and organizations that are either controllers or processors of personal data. Simply put: if you collect, store, or process any personal details or data belonging to any individual in Europe, you’re sure to be affected.
Companies or organizations which have more than 250 employees will also be required to document details surrounding their data storage and collection. This includes why they store people’s information, how or why it’s collected and processed, descriptions of the types of information being stored, the length of time it is being stored, and technical security measures in place to protect it.
The implications of data regulation
This important data regulation comes in the wake of scores of critical data breaches over the last several years. For massive companies such as LinkedIn, Yahoo, MyFitnessPal, and Equifax, all which store personal data varying in degrees of sensitivity, GDPR aims to enforce accountability, protection, and compliance on behalf of EU citizens.
GDPR grants numerous additional rights when it comes to persona data, specifically centered around gaining user consent to usage and storage of personal data for EU citizens. While the US does not currently have such protections in place, it’s important to note that such a major implementation of data protection in the EU may directly impact future data regulation policies in the United States.
While this may or may not affect the daily lives of most of us living here in the US, it’s important to note that US companies are scrambling to prepare for GDPR implementation as it effects all EU citizens’ data, regardless of whether or not the company is based in the US or the EU.
This means that starting May 25th, US companies can easily face serious fines if found non-compliant with the GDPR. Potential fines for violation cap at 4% of global annual revenue or €20,000,000 Euros – whichever is greater.