As an Internet user, you may have noticed that many companies have updated their privacy policies and sent emails to let you know. This sudden activity is a response to the new European Data Privacy Act (GDPR), which was approved by the European Parliament on April 14, 2016, and came into force on 25 May 2018, giving the institutions a two-year transition period.
Lawmakers describe the law as “the most important change in data privacy regulation in Europe in 20 years.” The previous legislation was a directive and was not considered mandatory. The new law was passed as a binding system for member states.
This law applies to all organizations worldwide if they provide goods and services to EU citizens or analyze their behavior. It applies to both the company and the associated data processor.
Personal data means all information that can be used for identification, such as an email address, ID number, location, IP address, or user name.
What are the objectives of the new Data Protection Act?
– Protect the data privacy of EU citizens, mainly in the event of a breach.
– Change the way organizations deal with data privacy.
– Give citizens greater control over their personal data and the ability to object to how it is collected.
How can organizations collect data?
Under the new law, each entity wishing to collect and process personal data must explicitly request the consent of the person concerned in a clear manner using an accessible form.
Everyone has the right to have his or her data removed from the organization’s database, and the organization must carry out the removal immediately.
Non-compliance with the legislation can lead to a fine of up to 4% of the annual sales figure or 20 million euros, whichever is greater.
Rights of persons
The following are the most important rights of the law:
– Notification of breach: In case of a breach, organizations must notify their nationals within 72 hours.
– The right to access: At any time, anyone can request a copy of his or her data for free, and has the right to verify whether the data in question is being processed and for what purpose.
– Privacy by design: Organizations now need to consider privacy issues when designing their systems rather than treating them as secondary concerns.