What is GDPR?

Generally, everything that we do in our day to day activity revolves around data. Every kind of service we use, whether its finance, social media, or business, collects and processes our personal data.

General Data Protection Regulation (GRPR) is a regulation passed to protect citizen privacy in the European Union member states. The regulation was approved in April 2016 and applies to all companies that do business with the EU. In GDPR, not only do the companies have to ensure that the data is gathered with the consent of the users, they also have to ensure the security of the data.

The law applies to:

• Companies that have a presence in the EU.
• Companies that are not present in the EU, but processes the data of EU citizens.
• Companies that have more than 250 employees.
• Companies that have less than 250 employees, but its data protection impacts the rights of citizens, is not occasional, and it does not include personal data.

The GDPR defines the roles that are responsible for ensuring compliance. The following people are responsible within a company for compliance:

• The data controller - defines the purposes and method of processing personal data. This same person is responsible for ensuring compliance with third-party vendors, so they are personally liable in case of a breach.

• The data processors- analyze data outside organizations. They are equally liable for data security.

The GDPR affects third-party and consumer contracts as well. The consumers must inform users of their rights under GDPR; therefore, all extant contracts will need to be renewed to clearly define consumer rights.

Remember: The GDPR states that a company has 72 hours to report a data breach. Failure to do so may result in strict action against the company.