The General Data Protection Regulation (GDPR) is a set of rules designed to give EU citizens more control over their data.
It aims to simplify the regulatory environment for business, so both citizens and companies in the European Union can fully benefit from the digital economy.
GDPR became law in April 2016, with an implementation date of May 25, 2018.
Businesses were given two years to prepare for this regulation to take hold. GDPR introduced higher and stricter privacy requirements and hefty fines for noncompliance.
The impressive, yet challenging, part of the GDPR is that it applies to all organizations processing the personal data of subjects within the European Union, regardless of where those organizations are located.
How Does General Data Protection Regulation (GDPR) Affect Companies?
GDPR is an effort that seeks to fill a gap in the field of Internet privacy. Implementation by organizations around the world has not been easy as the statute is complex and, in many ways, difficult to enforce.
This has been particularly so for small and medium enterprises (SMEs) and startups as the costs of ensuring compliance are considerable.
Under these new rules not only do organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners – or face penalties for not doing so. It does away with third-party sharing of personal data.
The General Data Protection Regulation helped Europe pursue two goals.
The first is to provide some much-needed substance to the global debate on Internet privacy, which has long been a philosophical debate with few tangible results.
The second is that, through the GDPR, Europe seeks to position itself as a de facto global regulator for privacy.