With news of security leaks and data breaches becoming all too common, keeping people’s information safe and staying compliant with regulations is essential in today’s business landscape.
If you think GDPR compliance doesn’t apply to you because your company or organization is outside the European Union (EU) or European Economic Area (EEA), keep reading. The regulation reaches organizations outside the EU that offer goods or services to people in the EU or monitor their behaviour, and it restricts the transfer of personal data out of the EU and EEA. Non-compliance can lead to large fines and reputational damage.
Below, we’ve broken down the principles that govern GDPR, who is covered by GDPR, and how GDPR came to be.
What is GDPR and what does it mean?
GDPR is a legal framework that regulates how businesses and organizations collect and process the personal data of people in the EU. Although it is often described as protecting EU citizens, it protects individuals (data subjects) located in the EU regardless of nationality; it also binds organizations outside the EU that target or monitor those individuals, and it restricts transfers of personal data to countries outside the EU and EEA unless safeguards are in place. That is why it matters to companies that have no physical presence in Europe.
The law has seven guiding principles that apply to every business and organization in how it collects and processes personal data:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (AKA security)
- Accountability
GDPR is designed to better protect individuals’ rights to privacy in a uniform manner.
Beginning in 1995, the personal data of people in the European Union was protected by the Data Protection Directive (95/46/EC), but as the years passed it was found lacking. While technology advanced, the directive remained rooted in the 1990s, and as a directive it was implemented differently by each member state, leaving inconsistent protection across Europe. It no longer covered the digital ground necessary to keep personal data safe.
On April 14, 2016, the European Parliament approved the General Data Protection Regulation (GDPR) to replace the Data Protection Directive. It entered into force on May 24, 2016 and has applied since May 25, 2018, with the intent to make data privacy law consistent across Europe, protect the personal data of everyone in the EU, and restructure the way organizations handle data privacy. As a result, individuals now have greater control over how their information is used, and the obligations companies must meet are spelled out more clearly.