What is the GDPR?
The General Data Protection Regulation (GDPR), adopted by the European Union, gives individuals more control over how businesses collect, store and use their personal data. It sets out strict obligations for those businesses and much higher fines for those that fail to comply.
Read on to find out more about the GDPR.
What types of data does the GDPR protect?
The GDPR protects all personal data, meaning any information relating to an identified or identifiable natural person. That includes basic identity information such as name, address and ID numbers, as well as online identifiers such as location data, IP addresses, cookie data and RFID tags.
A subset of personal data, known as special categories, is subject to even stricter rules. These include:
- health and genetic information
- biometric information
- data on race or ethnicity
- political viewpoints
- sexual orientation.
Which businesses are affected by the GDPR?
The GDPR applies to any organisation that has:
- a presence in an EU member state
- no physical presence in the EU, but processes the personal data of people residing in the EU, for example by offering them goods or services or monitoring their behaviour.
Company size does not matter: the regulation applies to sole traders and multinationals alike. The 250-employee figure that is often quoted relates only to record-keeping. Organisations with fewer than 250 employees are exempt from maintaining formal records of their processing activities, but only if that processing is occasional, is unlikely to put data subjects' rights and freedoms at risk, and does not involve special categories of personal data. In practice, very few businesses meet all three conditions, so nearly all of them must keep records.
How does the GDPR affect customer contracts?
The GDPR holds both data controllers (the organisation that decides why and how personal data is processed) and data processors (outside organisations that process that data on the controller's behalf) liable for compliance. Using a non-compliant third-party processor puts your own organisation in breach, because controllers may only use processors that can guarantee compliance. The regulation also sets strict breach-reporting rules that everyone in the chain must be able to follow, and organisations must inform customers of their rights under the GDPR.
This means that all existing contracts with processors (such as cloud providers, SaaS vendors, or payroll service providers) and customers must clearly define roles and responsibilities. The revised contracts must also define consistent processes for data management and protection, as well as how breaches are reported.
The GDPR may also change how business and security teams think about data. Most businesses treat the data they hold, and the processes they use to mine it, purely as assets. Under the GDPR that data is also a liability: it must be protected, kept to what is needed, and accounted for.
What happens if my company fails to comply with the GDPR?
Noncompliance with the GDPR can result in fines of up to €20 million or 4% of global annual turnover, whichever is greater. However, the majority of the fines imposed thus far have been small.
As of May 29, 2020, the EU had issued 282 fines, according to the GDPR Enforcement Tracker. The vast majority of those fines were in the tens of thousands of euros. According to DLA Piper's GDPR Data Breach Survey from January 2020, the largest fine to date was the €50 million imposed on Google in January 2019, for a lack of transparency and valid consent.
To sum it up…
The GDPR is still relatively new and can be difficult to understand at first. It is worth remembering, though, that its purpose is to protect data privacy, something that affects all of us and that we all need.
As a business owner, you should brush up on your knowledge of the GDPR and understand how it affects your business in the long run.