The General Data Protection Regulation (GDPR) is data security and privacy legislation that came into force on 25 May 2018 to protect the personal data of European Union citizens. It replaced the previous data protection policy, the Data Protection Directive, which had been in place since 1998.
Under this regulation, EU citizens have more control over how their personal data is collected and processed. Personal data includes basic information such as names, addresses, and photographs, as well as more sensitive information such as IP addresses, sexual orientation, religion, online behavior, and even political opinions.
The GDPR gives citizens the right to request information about how their data is being used and the right to have it deleted whenever they choose.
The policy has six main principles, which are as follows:
Although it was created for EU citizens, the GDPR affects organizations both within and outside the EU. Organizations in the United States that process any data concerning EU citizens must comply with the regulation or risk fines of up to 20 million euros or 4% of their annual revenue, whichever is greater.
What the regulation requires will differ from one organization to the next, depending on the measures each already has in place. However, to demonstrate compliance, an organization will have to show that it is taking the following factors into consideration:
US organizations that remain compliant with the GDPR should have little to worry about. Those that fail to comply, however, risk more than fines: they could lose valuable business in the EU.
Contact us if you would like more information about GDPR.