General Data Protection Regulation

Our data is spread all across the internet and sits in the databases of every institution or company we have ever dealt with or whose services we have used. But is our data secure?

With businesses collecting and using increasingly large amounts of customer data through IT tools, it has become increasingly imperative over the last few decades to make effective laws to protect user data. Cyber crimes like identity theft, misuse or sale of personal data to advertisers, account hacking and data leaks from company databases are all on the rise, and we need measures to counter this menace.

A major stride forward in this regard has been the General Data Protection Regulation, which was implemented in the European Union in 2018. The General Data Protection Regulation is a regulation that addresses data protection and privacy in the European Union (and the European Economic Area) and the transfer of personal data outside the EU/EEA.



KEY DETAILS

Purpose- Data Protection and Privacy Law.

Type- Regulation (no flexibility, unlike a directive)

Applies to- Any enterprise processing personal data of EU citizens, and the data subjects, i.e. EU citizens.

{Personal data includes name, location data, IP address, cookie data, etc.}

Made by- European Parliament and Council of the European Union.

Completed- 14 April 2016. 

Implemented- 25th May, 2018. 

Supersedes- Data Protection Directive laws of 1995.

Implemented by- Regulators of the concerned country in the EEA (such as the Information Commissioner's Office in the UK)

AIM

GDPR aims to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the data laws within the EU. 

CONTENTS

The GDPR contains provisions and requirements related to the processing of personal data of individuals in the EEA and applies to any enterprise that is processing such data, regardless of its location.

It has eleven chapters dealing with general provisions, principles, rights of the data subject, duties of data controllers or processors, transfers of personal data to third countries, supervisory authorities, cooperation among member states, remedies, liability or penalties for breach of rights and other final provisions.

While there are numerous guidelines within GDPR, some important points are-

  • The controllers and processors of personal data in these enterprises must apply sufficient technical and organizational measures to implement the data protection principles and must make mandatory disclosures about the purpose of user data collection, processing or sharing. 
  • They must also appoint Data Protection Officers, improve system security and carry out regular audits of it.
  • Any data breaches must be reported to national supervisory authorities within 72 hours.
  • Data subjects can ask for reports about how their data is used and, in some cases, for removal of their records.
  • Failing to comply with GDPR guidelines can attract heavy monetary penalties.

  • Key principles-

  1. Lawfulness
  2. Fairness and transparency
  3. Purpose limitation
  4. Data minimisation
  5. Accuracy
  6. Storage limitation
  7. Integrity and confidentiality (security)
  8. Accountability

  • Key Rights of subjects-

  1. Right to be informed
  2. Right of access
  3. Right to rectification
  4. Right to erasure
  5. Right to restrict processing
  6. Right to data portability
  7. Right to object 
  8. Rights around automated decision making and profiling

EFFECTIVENESS

  • Penalties under the GDPR totaled €158.5 million ($191.5 million) from 26 January 2020 to 27 January 2021, with data protection authorities recording 121,165 data breach notifications (19% more than the previous 12-month period). This includes fines on large MNCs such as Google, H&M and British Airways.
  • As a consequence of the GDPR, users feel more secure about their data and privacy.
  • Multiple countries like Japan, Brazil, Argentina and South Korea have modelled their own data protection laws on it, and GDPR has found widespread approval from experts.


It may be concluded that GDPR has indeed positively impacted data privacy and security standards while encouraging organisations to develop and improve their cybersecurity measures. It is expected to limit the risk of potential data breaches and has also provided relative peace of mind to users regarding their privacy and data security. However, conclusive inferences about the effectiveness of GDPR are yet to be borne out.

Authored by- Praharsh Chaubey
