The General Data Protection Regulation (GDPR) is a set of rules that aims to protect EU citizens from the theft and abuse of their personal data by Internet resources. The document was officially published on April 27, 2016, but it came into force only on May 25, 2018.
GDPR: Brief History
There were several reasons for the creation of the General Data Protection Regulation. First of all, the old regulation (its official name is Directive 95/46/EC) had become outdated. Adopted in 1995, it was no longer suitable for solving personal data problems in such a rapidly developing digital age. At that time, people hardly used the Internet at all. Despite the additional rules that had been introduced since then, the EU decided to adopt a new regulation.
In early 2012, the European Commission stated that the European Union had to keep pace with the development of the digital era in many aspects (including personal data protection). Therefore, it was decided to improve the existing regulatory system.
The point is that the previous Data Protection Directive was only a directive. The GDPR, however, is a regulation; it was first presented on December 15, 2015.
The GDPR’s predecessor was applied as a directive in different countries. The EU sought an improved approach by designing separate rules for the digital market. Thus, all organizations that deal with personal data must know the regulation’s peculiarities. These rules offer a regulatory framework adapted to the modern digital world, in which the data subject has the full right to manage their personal data.
In addition to all EU countries, the GDPR is also applied in countries that use the same currency and speak the same language as EU citizens. Foreign companies that serve European customers are required to comply with the regulation as well.
Almost all Internet resources collect our personal data. It happens when we use social networks, make online purchases, communicate via Skype, fill out a form to receive promotions, receive loyalty cards from different stores, arrange a doctor’s appointment, subscribe to a newsletter, etc.
In turn, the companies providing these services hold a lot of data about their clients. Although few websites own every piece of a customer’s personal data, combining what they do hold can produce a very detailed and concrete picture of that person’s private life and confidential matters, which is a violation of their rights.
The GDPR empowers citizens to control their personal data, because such data is often used for inappropriate purposes even though its owners never gave their consent.
The GDPR manual is a list of what a company must do in order to meet this regulation’s requirements. However, since each company has different activities and operating methods, the personal data processed by a specific organization differs as well. That is why the GDPR manual was compiled in cooperation with an interdepartmental team, which considered all the details regarding the storage and use of personal data.
Consequences of Non-Compliance with These Regulations
In case of a GDPR violation, organizations will be fined up to 4% of their annual turnover (up to €20 million). However, these are the maximum penalties, reserved for a very serious breach of this regulation. The amounts will differ depending on how the data subject’s rights were ignored or compromised, and on what happened to the personal data.
If, for example, the data was transferred internationally without the customer’s consent, or the subjects' access to their data was systematically blocked or simply ignored, the maximum GDPR penalties would be imposed.
Following the GDPR simply means adhering to all of its rules regarding personal data processing. Every company has to comply with this regulation in order to operate legally within the territory of the EU.