With news of security leaks and data breaches becoming all too common, keeping people’s information safe and staying compliant with regulations is essential in today’s business landscape. Additionally, as brick-and-mortar locations in the US close due to COVID-19, many companies are moving online and going global. As a result, more businesses are newly subject to GDPR requirements but are left with one question: what is GDPR?
If you think GDPR compliance doesn’t apply to you because your company or organization is outside the European Union (EU) or European Economic Area (EEA), we invite you to keep reading. This information is important because these regulations also govern the export of EU citizens’ personal data to countries outside the EU and EEA. Non-compliance with these regulations can lead to large fines and reputational damage for businesses and organizations.
Below, we’ve broken down the governing principles, who is covered, and how the General Data Protection Regulation came to be.
What is GDPR and what does it mean?
GDPR is a legal framework that regulates how personal information and data in the EU is collected and processed by businesses and organizations that collect data belonging to EU citizens. Although the law applies to data belonging to citizens of the EU, it’s important to note that it also addresses the transfer of data and information outside the EU and EEA, because EU citizens travel or hold dual citizenship.
The law has seven guiding principles that apply to all businesses and organizations in how they collect and process data and information:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality (AKA security)
- Accountability
GDPR is designed to better protect individuals’ rights to privacy in a uniform manner.
Beginning in 1995, the personal data of European Union citizens was protected by the Data Protection Directive (DPD), but as the years passed it was found lacking. While technology continued to advance, the DPD remained rooted in the 90s, leaving the personal data of many unprotected. It no longer covered the digital ground necessary to keep information safe.
On April 14, 2016, the EU Parliament approved the General Data Protection Regulation (GDPR) to replace the Data Protection Directive. It then came into effect on May 25, 2018, with the intent to make data privacy laws across Europe consistent, protect the data privacy of all EU citizens and residents, and restructure the way organizations handle data privacy. Due to this change, consumers now have greater control over how their information is used, and the regulatory environment that companies have to navigate is clearer.
Check out our blog for more on GDPR Compliance for US Companies and a how-to guide on GDPR compliance.
Do you need GDPR compliance services or just more information on what GDPR means for you? Send us a message today or call 503-389-5666 to discuss how GDPR affects you and ensure you have the right protections in place to stay compliant with the regulations.