The General Data Protection Regulation (GDPR) was adopted on May 25, 2018, by the European Union to enhance control over the personal data of EU citizens. The adoption of GDPR repealed Directive 95/46/EC. GDPR establishes rules regarding the protection of individuals with regard to the processing of personal data and rules regarding the free movement of personal data. GDPR applies to the processing of personal data that is fully or partially automated, as well as to the non-automated processing of personal data that is part of a filing system or intended to be part of a filing system.
This regulation respects all fundamental rights and recognizes the freedoms and principles enshrined in the Charter, including respect for private and family life, home and communications, protection of personal data, freedom of thought, conscience, and religion, freedom of expression and information, freedom to conduct a business, right to an effective remedy and the right to cultural, religious and linguistic diversity.
To ensure consistent and high-level protection of individuals and to remove obstacles to the flow of personal data within the Union, the level of protection of the rights and freedoms of individuals in relation to the processing of such data must be the same in all Member States. Throughout the Union, a consistent and homogeneous application of rules for the protection of fundamental rights and freedoms of individuals in relation to the processing of personal data must be ensured. Regarding the processing of personal data for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, Member States should be allowed to maintain or introduce national provisions to further specify the application of the rules of this regulation.
Effective protection of personal data across the Union requires strengthening and specifying the rights of the individuals to whom the data relates, as well as the obligations of those processing and determining the processing of personal data.
These rights include:
If you process the personal data of EU citizens and are unable to provide all the rights to the individuals whose data you process, it is high time to align your business processes with the requirements of GDPR. This means developing and adopting internal procedures and rules to demonstrate compliance and educating employees about the meaning and requirements of GDPR.
Some benefits of implementing GDPR include: