The GDPR (General Data Protection Regulation) was adopted by the European Parliament in April 2016 and can be regarded as a replacement for the outdated 1995 directive on data protection. The regulation is due to come into effect on 25 May 2018. It sets out the measures that businesses need to take to protect personal (sensitive) data and thereby maintain the privacy of EU citizens. The GDPR therefore regulates all transactions that take place within the EU member states, as well as personal data that is exported outside the EU.

According to reports that included a survey of 7500 customers in multiple countries, the respondents' top concern was the loss of their banking and financial data. Next came the loss of security-related information such as passwords, and of identity information such as driving licenses or passports. The report also contained an alarming statistic for companies that handle customer data: about 62 percent of respondents said that, in the event of a breach, they would blame the company for the loss of their data rather than the hacker who carried it out. The report concluded that as customers become better informed, they expect more transparency, proactive decisions and responsiveness from the stewards holding their data. The GDPR would therefore make businesses accountable for monitoring and protecting data on a daily basis, all the more so because their own widespread digital transformations make greater use of digital assets, big data and services.

The types of private data that the GDPR would protect include primary identity information (such as name, address and ID numbers), web data (such as location, cookie data, IP address and RFID tags), health and genetic data, racial or ethnic data, sexual orientation, biometric data and political opinions. Any organization (or company) that stores or processes sensitive information about EU citizens within the EU states must adhere to the GDPR, even if it has no business presence within the EU. The sectors that would be affected the most by the GDPR are: technology (53%), inline services (45%), software companies (44%), financial services (37%), online services or SaaS (34%) and retail or consumer packaged goods (33%). For any kind of non-compliance, the GDPR provides for steep penalties that can go up to 20 million or 4 percent of global annual turnover, whichever is higher.

The GDPR defines the following roles: the data controller (who decides how the data is processed and for what purpose, and ensures that outside contractors comply), the data processor (which can be either an internal group that maintains and processes personal data or an outsourcing firm that performs all or part of those activities) and the DPO (data protection officer). For any sign of non-compliance or a data breach, the GDPR would hold the processor liable. Even when the processing partner is entirely at fault, both parties, that is, your company along with the processing partner, would be liable for huge penalties. Hence, the GDPR acts as an ironclad set of rules that requires the stakeholders involved to know how the data flows, so that implementing the principles of sensitive data protection becomes easier.






This indicates that, as a company (or organization), you must make sure that you are well aware of all the upcoming changes and of what those changes mean for you.
