What is GDPR (General Data Protection Regulation)?
The General Data Protection Regulation is a privacy and security law established to protect EU citizens and their data from entities across the globe. While the measure specifically asserts the privacy of citizens and residents of the EU, it applies to any organization in the world that collects personal data or information about EU citizens. Historically, the EU has consistently made the privacy of its citizens and residents a priority. As technology advanced into the digital era, however, the EU drafted new legislation that would firmly enforce compliance from external organizations near and far. The GDPR was drafted in 2016 and came into effect in 2018. The regulation protects citizens' personal information and sets rules for how organizations may collect the data of these citizens. Organizations that do not comply face potential penalties and fines, payable to the EU, that can reach millions of Euros.
What Information Does the GDPR Cover?
The information covered by this regulation is the personal data of EU citizens and residents. Personal data, in this context, is any information that can identify an individual, such as names, addresses, gender, race, political opinions, web cookies and other digital or personal identifiers. If this information is collected without appropriately secure methods, organizations can face major repercussions: fines of up to €20 million or 4% of their global revenue.
What Organizations Are Affected By the GDPR?
Any organization that solicits information or data from EU citizens or residents falls within the scope of the GDPR. Any organization, regardless of where it is based or originates, can be subject to penalties and fines for misconduct. With e-commerce grown into the giant that it is, businesses all around the world interact with an international audience of potential customers. Thus, any business or organization that offers goods or services to EU citizens or residents must follow the GDPR.
How Must Organizations Collect Data?
Beyond offering goods and services to citizens and residents within the EU, organizations may obtain personal data that is sensitive and confidential, which makes their cooperation and compliance all the more necessary. Under this regulation, organizations must implement appropriate technical and organizational measures. From the technical perspective, organizations should design strong authentication controls wherever their customers' personal data is stored, so that internal access to the data is protected and granted only where appropriate. From an organizational perspective, keeping employees and staff up to date with training and protocols that deal with this regulation is important as well. With the constant adjustments and modifications that can be made to the GDPR, an organization cannot afford to operate on outdated information. While the collection of data follows a specific protocol, the same effort applies to the storage of data. The regulation includes a highlighted measure that outlines the specific instances in which an organization may continue to process someone's personal data. If an organization can justify its processing under one of those instances, it will not be reprimanded.