GDPR and what companies need to know

What is the GDPR?

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas.

The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

It was adopted on April 14th, 2016, and became enforceable on May 25th, 2018. It replaced the 1995 Data Protection Directive, which had been the primary source of data protection law in the EU and the EEA.

The GDPR is designed to harmonize data privacy laws across Europe, protecting and empowering all EU citizens’ data privacy and reshaping the way organizations across the region approach data privacy.

Companies and GDPR

Under the GDPR, companies are required to take technical and organizational measures to ensure the security of personal data and to protect it from accidental or unauthorized destruction, loss, alteration, disclosure, or access.

Failure to do so can result in fines of up to €10 million, or 2% of the company’s total global turnover from the preceding financial year, whichever is higher.

In addition, the GDPR states explicitly that some violations are more severe than others. For those, the fines could be raised up to €20 million or 4% of the company’s total global turnover, whichever is higher.

Companies must also provide data subjects with the right to access, rectify, or erase their data, as well as the right to data portability. Furthermore, data subjects have the right to seek compensation from organizations that cause them damage as a result of a GDPR infringement.

 

