The General Data Protection Regulation (GDPR), which went into effect 25 May 2018, creates consistent data protection rules across Europe. It applies to all companies that process personal data about individuals in the EU, regardless of where the company is based. Processing is defined broadly and covers anything done with personal data, including how a company handles and manages it, such as collecting, storing, using and destroying it.
While many of the principles of this regulation build on current EU data protection rules, the GDPR has a wider scope, more prescriptive standards and substantial fines. For example, it requires a higher standard of consent for using some types of data, and broadens the rights that individuals have for accessing and transferring their data. Failure to comply with the GDPR can result in significant fines – up to four per cent of global annual revenue for certain breaches.
This article was last updated 17-Jan-2020 at 2:40am