The General Data Protection Regulation (GDPR) is a law within the European Union under which users' data is collected with its protection and privacy ensured; the user holds the right to revoke this law.
After four years of planning, this new law finally took effect on May 25, 2018. It replaces the outdated UK Data Protection Directive 1995 and will be enforced by the Information Commissioner’s Office.
The new wave of change is an ongoing evolution in the world of technology. It reassures users with more rights, stronger control over their data, and more power over it. This prevents the inevitable breach of data and information by hackers with malicious intent, and by companies that mishandle data.
Organizations that don’t comply, or that fail to ensure data is collected legally, will face penalties.
The GDPR is applicable to all organizations working within and outside the European Union.
It applies to both the controllers and the processors of data: the agencies regulating the data processing and the agencies operating on the data in place of the controller, respectively.
The work of the controllers is to make sure the contracts are strictly complied with.
The personal user data protected under the GDPR includes names, addresses, photos, IP addresses, and genetic and biometric data. The sensitive data includes trade union membership, religious beliefs, political beliefs, racial background and sexual orientation.
The penalties set under the GDPR range from €10 million for smaller offences to €20 million (4% annual global revenue) for bigger offences.
The GDPR brings a permanent change for businesses. According to a new study, 80% of businesses have little or no information about the GDPR.
Under GDPR the basic user rights are:
- Better accessibility.
- Right to withdraw their consent.
- Data portability, whereby they can transfer data between different servers using a machine-readable format.
- Right to be informed by companies before their data is collected.
- The right to correct the information.
- The right to restrict the processing.
- The right to object and put the data processing to a halt.
- The right to be informed within the first 72 hours in case of an information breach.
Organizations must:
- Not withhold any information from the user.
- Make sure that the user’s consent was given.
- Double check business processes and operations.
- Identify where their data resides to clarify the coming and going of information.
- Clean up and filter out the unnecessary data.
- Double check and tighten security against all breaches of data.
- Make a clear communication plan in case of a breach.
- Renew plans and make clear policies for handling personal.
Some companies are still in the process of complying with this law, past the deadline.
Companies that abide by this and make sure it is followed through show the value they place on privacy policy. Moreover, it helps build a strong partnership with their users on the basis of trust by giving the users the upper hand over their data.