What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) regulates data protection law across all 28 EU countries. It imposes strict new rules on controlling and processing personally identifiable information (PII). It also extends the protection of personal data and data protection rights by giving control back to EU residents. GDPR replaced the 1995 EU Data Protection Directive and came into force on May 25, 2018. It also replaced the 1998 UK Data Protection Act.
The Emergence of EU GDPR
The General Data Protection Regulation (GDPR) comes into force today. It is the biggest shakeup to data protection rules in decades, forcing companies to make significant changes to ensure GDPR compliance by reshaping the way they approach data privacy. Organizations face the daunting task of restructuring all of the personal data they possess so that it can be erased, rectified and accessed, while adhering to robust security standards. Failure to do so threatens maximum fines of €20m or 4% of global annual turnover, whichever is higher. For some of the world’s largest companies, those fines could run into the billions.
As well as providing extra data security to individuals, a subject of considerable attention in the wake of the Cambridge Analytica scandal, GDPR creates opportunities for technology companies to provide services that simplify and secure data management. Technology may have created the need for GDPR, but many see it as the solution. There are many essential items in the regulation, including an increase in fines, breach notifications, opt-in consent and responsibility for data transfer outside the EU. As a result, the impact on businesses is huge.
One of the effects of GDPR is that it drives innovation in artificial intelligence to provide solutions. IBM, for example, has developed a system that uses a type of AI known as cognitive computing. This helps to scan data caches and index findings. It then automatically completes tasks such as user data requests, which are now permissible under the new legislation. AI programmes can also help companies by automating the discovery of sensitive data and risk analysis so as to address any gaps in compliance.
GDPR makes direct reference to automation, stating that an individual has the right to know when and how decisions are made when their data is processed. Under GDPR, organizations must ensure they have robust security in place and, in addition, report certain types of data breaches to the relevant supervisory authority within 72 hours.
Fines for noncompliance are large. They can be as high as €20 million or 4% of a company’s total global revenue, whichever is larger. This is the maximum fine for the most serious violations, for instance not having sufficient customer consent to process data or violating core Privacy by Design concepts. However, there is a tiered approach to fines: for example, a company faces a 2% fine for not having its records in order, for failing to notify the supervising authority and data subject about a breach, or for not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors. Egnyte helps customers achieve GDPR compliance by placing industry-leading content creation and data governance at the core of their strategy. Our SaaS solution shows exactly where data resides across a network, identifies personal/private and sensitive data, and reports information efficiently.
This question originally appeared on Quora.