GDPR: An important data protection law in Europe

Europe is set to roll out its general data protection laws on May 25. Complying with the European data privacy laws that come into effect next week might be a costly hassle for companies in the short term, but it would mean they would be seen as more trustworthy, according to Prince Constantijn van Oranje of the Netherlands.

This law, the General Data Protection Regulation, will give citizens greater control over their data while requiring those who process personal data in the European Union or about its citizens to take responsibility for its protection. The GDPR will give Europeans the right to data portability (allowing people, for example, to take their data from one social network to another) and the right not to be subject to decisions based on automated data processing (prohibiting, for example, the use of an algorithm to reject applicants for jobs or loans). Advocates seem to believe that the new law could replace a corporate-controlled internet with a digital democracy.

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.

The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.

Compliance will cause some concerns and new expectations of security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.

The GDPR protects privacy data such as:

  • Basic identity information such as name, address and ID numbers
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

The GDPR might also change the mindset of business and security teams toward data. Most companies see their data and the processes they use to mine it as an asset, but that perception will change, says Lewis. “Given GDPR’s explicit consent and firms needing to be much more granular in their understanding of data and data flows, there’s a whole set of liabilities that now exist with the accumulation of data,” says Lewis. “That’s quite a different frame of mind both for legal and compliance, but maybe more important for the way the business thinks about the accumulation and usage of that data and for information security groups and how they think about managing that data.”

PURPOSE OF GDPR:

The purpose of the GDPR is to impose a uniform data security law on all EU members, so that each member state no longer needs to write its own data protection laws and laws are consistent across the entire EU. In addition to EU members, it is important to note that any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation. As a result, GDPR will have an impact on data protection requirements globally.

Source: CNBC