Generally, everything that we do in our day-to-day activity revolves around data. Every kind of service we use, whether it's finance, social media, or business, collects and processes our personal data.
The General Data Protection Regulation (GDPR) is a regulation passed to protect citizen privacy in the European Union member states. The regulation was approved in April 2016 and applies to all companies that do business with the EU. Under GDPR, companies must not only ensure that data is gathered with the consent of the users, they must also ensure the security of that data.
Companies that collect user data will need to put additional security processes in place to maintain compliance.
The law protects the following types of data:
The law applies to:
The GDPR defines the roles that are responsible for ensuring compliance. The following people are responsible within a company for compliance:
The data controller - defines the purposes and method of processing personal data. This same person is responsible for ensuring compliance with third-party vendors, so they are personally liable in case of a breach.
The data processors - analyze data outside organizations. They are equally liable for data security.
The GDPR affects third-party and consumer contracts as well. The consumers must inform users of their rights under GDPR; therefore, all extant contracts will need to be renewed to clearly define consumer rights.
Remember: The GDPR states that a company has 72 hours to report a data breach. Failure to do so may result in strict action against the company.