In the world of data protection law, the General Data Protection Regulation (GDPR) is considered a milestone achievement by the EU. Despite the advancement of the digital era, EU data protection law remained fairly static for nearly 20 years. However, after three years of detailed discussions, a political agreement led the European Commission, the EU Parliament and the Council of the EU to take a big step towards replacing the Data Protection Directive 95/46/EC with GDPR.
GDPR is due to come into force on May 25, 2018 and promises to deliver a unified data protection law for Europe’s 500 million citizens. This law is expected to offer greater accountability and transparency by offering controls for individuals to efficiently manage their data.
The aim of establishing the GDPR is to bring one single set of rules that will make it simpler for companies to run their businesses in the EU. Therefore, implementation of these data protection regulations is necessary in the roll-out of new services and technology.
The GDPR has far-reaching consequences: if a company wishes to conduct business with an organization that is European, it must abide by these regulations, irrespective of its position on the continent. This law would appear to have huge ramifications as it is set to apply to any e-commerce vendor whose target is to sell their products and services to European customers.
Furthermore, according to the draft GDPR regulations, large businesses with more than 250 employees, along with those organizations that work on data processing operations, will be required to appoint dedicated data protection officers.
Another significant accomplishment for GDPR is with regard to the notification time. Organizations will need to notify the regulator about any breaches within 72 hours.
One of the major goals of GDPR is to ensure that organizations define their specific consent model as well as the processes that they use for capturing data. They also must ensure that individuals are able to retain control over their own data.
Furthermore, under GDPR companies must consider the requirement that any third parties which process information also be proactively governed. This makes it easier for organizations to identify how and where information is processed, stored and transmitted. These regulations allow organizations to be clear about their actions while also protecting organizational structures, governance and technical requirements.
GDPR is certain to increase organizations’ focus on securing their data and the skills that they must acquire to address the data security challenges. With its new requirements and penalties, GDPR will certainly prove itself to be a game-changer for data protection.