If you live within the EU, chances are that you will have heard the General Data Protection Regulation (GDPR) mentioned. But do you know how it affects you? If the business or organisation that you own, or work for, processes the data of EU citizens, then it needs to comply with GDPR stipulations, and so do you.
The deadline for GDPR is 25 May 2018. This is the date on which it becomes law throughout the EU. It’s also the date by which individual EU states will be expected to have incorporated the stipulations of the GDPR into their own data protection laws.
It is important to note that although the GDPR is intended to harmonise the way data protection is dealt with throughout the EU, individual states do still have some leeway to expand on the stipulations when they put their own data protection bills through Parliament.
What does this mean for you?
As we mentioned earlier, if you own a business or organisation that processes the personal data of EU residents, or you work for one, you will be expected to comply with GDPR. As the deadline approaches, it is vital that you acquaint yourself with the content of GDPR so that you can ensure compliance. Here are some of the main areas that you need to know about.
- GDPR applies to all businesses and organisations that process the data of people living in the EU, no matter where the business or organisation is based.
- Consent is not the only legitimate reason for processing data, but if you are using consent as the reason, you need to make sure it is explicit and that data is only processed for that particular reason.
- Data subjects now have the right to data portability, which means they can obtain an electronic version of all data being held or processed and can transfer this data to a third party.
These are just a few of the main points you need to know. For more information, it is a good idea to refer to documents produced by the Data Protection Authority (DPA) for your country.