You have probably seen e-mails or heard on news channels about the new General Data Protection Regulation (GDPR). If you haven’t, it’s not your fault: GDPR is not exactly a hot topic that you want to discuss at the dinner table.
What exactly is GDPR?
In 2016 the EU approved a piece of legislation known as GDPR. Businesses in the European Union, as well as businesses that benefit from the user data of people living in the European Union, have to comply with GDPR.
The main purpose of GDPR is to give people in the EU control over the data that companies hold and use about them. It puts people living in the European Union in control of their own data.
Businesses were given 2 years to comply. That period is almost over, and the last date to comply is 25 May 2018.
Key Elements
Right to be Informed
This states that a person should always know where his data is being used, how it is used, and by whom it is used.
Right to be Forgotten
This right lets the user have his data deleted if the request meets certain rules for deletion. For example, if the data was collected for a purpose and that purpose no longer exists, then the user has the right to ask the company to delete his data.
Data Protection Officer (DPO)
Businesses have to appoint a person to help them comply with the provisions of this law.
Obligations on data processors
Under the Data Protection Act 1998, only the data controller had statutory obligations. Under GDPR, both data controllers and data processors have statutory obligations.
But what if you are in violation?
Fines are set at various levels to make sure businesses do their best to protect user data. The fines are discretionary rather than mandatory. They are imposed on a case-by-case basis but must be effective, proportionate and dissuasive.
Lower level
Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher.
Upper level
Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher.
Summing Up
If you are directly or indirectly using data of people living in the European Union, then you would come under the purview of GDPR from 25th May 2018. This legislation is an additional expense, as you either have to hire in-house data experts or outsource data management to a tech security agency.
Idea Usher is a web and app development company with years of collective experience. Contact us with your idea and requirements and we will guide you with it.