The GDPR is a regulation that was put into place in the EU that is designed to protect the personal data of all citizens of the European Union. This regulation applies to all companies that collect data on citizens of the EU. While this regulation has set new standards in consumer data protection, it has come as a challenge to many companies. This new law kicked into effect earlier this year, but some companies are still struggling to get compliant. We have put together a list of the top things you need to know about GDPR.
What is the GDPR?
In 2016 the European Parliament replaced an outdated data protection regulation from 1995 with the GDPR. Under this new regulation, businesses are required to protect the personal data and privacy of EU citizens. The standards put in place by this regulation are quite high, but they are consistent across all 28 member states. Meeting them means a significant amount of investment on the part of the affected companies. This affects not only companies in the EU but also a large number of US companies.
Why Was The GDPR Put In Place?
The GDPR exists because of a general public concern for privacy. The previous regulation, in place since 1995, was formed before the internet was used as heavily for business as it is today. There is a real public concern over privacy, fuelled by many news stories about data breaches. Consumers have become more aware of how their personal information is used and the risks that come with it, and now expect companies to take data protection more seriously than ever.
Who Does GDPR Apply To?
The GDPR affects any company that stores or processes any personal information belonging to citizens of the EU, even if they do not have a business within the EU.
Here is a breakdown of the criteria:
- EU presence
- Processing of EU resident data even if not present
- Larger than 250 employees
- Fewer than 250 employees but processing that has an impact on citizens’ data
Who Is Responsible?
The GDPR makes explicit the roles within a company that are responsible for ensuring compliance. The roles include a data controller, a data processor, and a data protection officer. A data controller at a company is responsible for defining how and why personal data is processed and also for making sure any outside contractors comply. Data processors are the group that manages personal data records; they are responsible for breaches or non-compliance under the GDPR. In case of a breach or non-compliance, both your company and your data processor could be held liable, even if the fault lies with your processor partner. Under the GDPR, the processor and controller are required to appoint a Data Protection Officer (DPO) to manage data security and compliance. The companies that must have a DPO are those that process or store EU citizen data, handle special categories of personal data, monitor data, or are public authorities.
Right On Tech Compliance Assistance
The GDPR is meant to be a change for the better to protect consumers’ personal data, but it can mean a lot of stress for business owners and managers. For further assistance and explanation with becoming GDPR compliant, contact us at Right On Tech. Our knowledgeable team is here to help.