The General Data Protection Regulation (GDPR) harmonizes data protection laws in the EU that are fit for purpose in the digital age. By introducing a single law, the EU believes that it will bring better transparency to help support the rights of individuals and grow the digital economy.
The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents. Even organizations outside Europe need to be compliant, or otherwise face significant penalties.
The primary objective of the GDPR is to give citizens back control of their personal data. From an economic standpoint, the GDPR aims to simplify the regulatory environment for international business by unifying the regulation within the EU.
Because the GDPR is a regulation and not a directive, it means that it is directly applicable in all EU member states from May 2018. A directive only directs member states to implement ruling, but does not enforce.
The reforms consist of two instruments:
The General Data Protection Regulation (GDPR) which is designed to enable individuals to better control their personal data. It is hoped that these modernised and unified rules will allow businesses to make the most of the opportunities of the Digital Single Market by reducing regulation and benefiting from reinforced consumer trust.
The Data Protection Directive: The police and criminal justice sectors will ensure that the data of victims, witnesses, and suspects of crimes, are duly protected in the context of a criminal investigation or a law enforcement action. At the same time more harmonised laws will also facilitate cross-border cooperation of police or prosecutors to combat crime and terrorism more effectively across Europe.
The GDPR was ratified mid 2016 and immediately became law. Member states now have a 2 year implementation period. Enforcement will commence by 25th May 2018 at the latest.
This course summarises the key components of the GDPR – it should be noted that this is only a simplified summary to enable you to have an awareness and understanding of GDPR.
The below video explains what GDPR is for you as a consumer or your customers