A Summary of the General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a new regulation approved and adopted by the EU Parliament on April 14, 2016. It provides a higher standard of protection and privacy of personal data for citizens of the European Union. The new regulation spells out a long list of security obligations and requirements that organizations must now follow in order to protect and secure private data. GDPR reforms and replaces the existing Data Protection Directive, which had been the standard since 1995.
Members of the European Union worked on this new regulation for more than 4 years, intending to give all EU citizens better control over their personal information in today’s digital world. GDPR goes into full effect after a 2-year grace period and provides strong fundamental rights to citizens in order to protect their information. Any organization found in non-compliance after the enforcement date of May 25, 2018 could face massive fines. Organizations that mishandle information, or that are held responsible for a privacy data breach, could face other serious and painful repercussions as well.
Now is the best time to get ready for GDPR. If managing personal data is part of your overall business and you collect any information about citizens of an EU nation, you should closely review this new regulation.
GDPR goes into full force on May 25, 2018