The General Data Protection Regulation (GDPR), a regulation within the European Union (EU), is designed to standardize data protection practices for EU citizens or individuals who reside in the European Economic Area (EEA). The EEA also includes Norway and Switzerland, as well as EU Member States. It was approved by the European Parliament in April 2016 and was implemented on May 25, 2018. It is a regulation that is implemented by the Member States of the EU and EEA. However, it is applicable to citizens and residents of all countries. Even if an organization is not located in the EU but collects, stores, and/or processes data from EU citizens, it must comply with the GDPR.
In an era of digital presence, privacy has become a distant concept. The GDPR was created to address this need. As such, this regulation per se is not entirely unprecedented in the nature of its subject, since countries like Germany or France have had data privacy laws in place which are even stricter than the GDPR, but its complexity, comprehensiveness, territorial coverage and applicability are indeed unprecedented. It was not surprising that the consequences for big data players like Facebook and Google would also be unprecedented. It’s been one year since the GDPR was implemented. Among the most notable consequences is the expected fine of 1.6 Billion Dollars against Facebook for noncompliance. The most outrageous consequence, however, was the staggering fine of 57 Billion Dollars, which is currently being appealed.
The GDPR has 99 articles. The most important principles in the legal and privacy rights background include consent, privacy by design, right of access, right to be forgotten, and the “right not to be informed”.
Consent means that the data subject must have been presented with a consent option. The subject must then choose whether or not to allow the requester (in this instance, the data collector) to collect their data. The consent request should not be ambiguous.
Privacy by design means, as the name implies, that the technology that collects data should include data protection from its genesis.
The right of access is a principle that gives data subjects the right of access to the data held about them. It allows them to ask the data collector about their data, how it is processed, and who it is shared with.
The GDPR’s central component is the right to be forgotten. It is the first step towards the next major grant. Data subjects have the right to ask the data collector (processor) to permanently erase any data held on them. The “right to access” allows the data subject to find out whether any personal or sensitive information is being stored by the data collector. We can see that the areas where organizations fail to comply are those that grant “access” and the “right to be forgotten” to data subjects. This is usually due to missing deadlines and timeframes, and sometimes to failure to inform data subjects, a right granted under the “right to be informed”.
Apart from the legal, financial, and data protection headaches that many have experienced, the GDPR has also provided many opportunities of a new nature. Aside from the legal professionals who have had a lot to monitor and study, there have also been many new work opportunities.
GDPR – From Principles To Opportunities
