What is the GDPR and why should your organization care?
The European Union Directive 95/46/EC adopted in 1995 by the European Commission is an important component of the union wide privacy and human rights law. The directive is a set of rules implemented differently by each member state with the aim of individual data protection and data movement.
The General Data Protection Regulation will replace the Data Protection Directive and will be effective starting on 25th of May, 2018. This is occurring due to the European Commission aim at to unifying data protection laws across the union via one regulation such as the GDPR.
The EU parliament has approved the publication of the General Data Protection Regulation, proposed by the European Commission, for the protection of fundamental rights of natural persons with regard to processing of data.
The protection of personal and organizational data is ever crucial in a constantly growing cross border market environment. The General Data Protection Regulation requires safeguards and measures for protecting personal data, ensuring safe data processing and managing notifications of potential breaches. The need for safeguards and measures that enable security of personal data is expected to constantly increase; organizations are required to comply with the regulation to ensure protection of the fundamental rights and freedoms of the natural persons in regards to the processing of personal data.
The General Data Protection Regulation sets out the:
- Establishment of data privacy as a fundamental right of natural persons.
- Defining a baseline for data protection.
- Defining responsibilities for the individuals involved in the processing of personal data and security of personal data.
- Establish and ensure the effectiveness of the data protection principles.
- Ensure the protection of the data subject’s rights.
- Ensure safe transfer of personal data in third countries or international organizations.
- Ensure the implementation of the regulation and protection of personal data considered as a fundamental right.
Data protection principles
The General Data Protection Regulation provides six principles relating to the processing of personal data. The reason for providing such principles is to ensure that any processing of personal data is lawful and fair.
- Lawfulness, fairness and transparency – data subjects should be informed what data will be processed.
- Purpose limitations – Data subject’s data can only be used for the processing purpose for which the data subject is aware of. Without consent from the data subject, no further processing of data is allowed.
- 3. Data minimization – The GDPR specifies the amount of data that should be kept for processing.
- Accuracy – The data subject shall have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning him or her.
- Storage limitations– The GPDR constraints the period of time for which personal data can be stored.
- Integrity and confidentiality– The GDPR specifies that data must be protected against any unlawful or unauthorized processing, data loss or damage.