If you reside in the European Union it is likely that you will have heard about the General Data Protection Regulation (GDPR). However, are you aware how it affects you? If the business or company that you own, or are employed by, processes the data of EU citizens then it needs to adhere with GDPR legislation.
GDPR will be enforceable, by law, is 25 May 2018. Individual EU states will be expected to have incorporated the facets of GDPR into their own data protection legislation.
It is vital to remember that although the GDPR is aimed at bringing uniformity to the way data protection is managed throughout the EU, individual states do still have some maneuverability where they can expand on the stipulations when they put their own data protection bills through Parliament.
How Does This Affect You??
As we mentioned before, if you own a business or company that processes the personal data of EU residents, or you work for one, you must comply with GDPR. As the deadline approaches it is important that you acquaint yourself with the content of GDPR, so that you can achieve compliance.
Here are some of the main aspects that you need to be aware of.
- GDPR applies to all businesses and companies that gather the data of people residing in the EU, no matter where the business or organisation is located.
- Outright consent must be obtained before personal data is tracked, including for the use of cookies.
- Consent is not the only valid reason for processing data but if you are using consent as the reason you need to make sure it is outright and that data is only processed due to that specific reason.
- The right to data portability is allocated to data subjects which means they can record an electronic version of all data being stored or managed and that they can transfer this data to an external third party.
These are just a few of the main points you need to consider. For more on this topic it is important to refer to documents released produced by the Data Protection Authority (DPA) in your country.