General Data Protection Regulation is considered to be an evolution of the existing data rules and regulation called DPD or Data Protection Directive in the European Union countries. It is going to address the shortcomings of DPD, and some of the changes are that companies need to perform risk assessments before undertaking an operation where consumer data will be collected and processed, notify the consumers about the data collection and processing, collect minimal data, and likewise. It will also cover the personal data section which is the main focus of DPD. The following are the changes EU companies are required to bring about due to GDPR compliance.
Minimization – Privacy by Design is an extension from DPD but according to the new regulations, companies have to follow the principles of minimal data collection, processing, and retention. Furthermore, the companies have to gain consent from the customers before processing their data.
Impact Assessment – When data are processed, the companies have to analyze the risks involved in such operations, and privacy has to be the main concern, not the processing technique. Only if the risk assessment complies with the regulation laid down can the companies proceed with data processing.
Data Erasure – GDPR regulation is more about giving ultimate protection to the consumer. According to the new data erasure rules, the consumer will have the option to ask the companies to delete their data. The companies have to comply with such a request, and nothing can be done without the consumer's permission. If any objection is raised, the data has to be taken down from the server or web immediately.
Notifying Authorities – Companies have to notify the authorities within 72 hours of any data breach happening. As a matter of fact, they also have to inform the data subjects or consumers if the breached data contains personal information that poses a risk to their rights and freedoms.
Extraterritoriality – It is not only the EU companies that have to comply with the new regulation but also the companies situated outside EU countries. Any company that collects and processes data of EU citizens has to comply with the regulations completely.
Fines – The fine structure for companies not complying with the regulation has changed drastically. There is a tiered penalty structure in place and the companies have to pay 2 to 4 percent of their global revenue depending on the level of non-compliance found.
EU companies are taking it positively and upgrading their security measures like never before by hiring data protection service companies like Data Vault.