What is GDPR?
Lawmakers in Brussels passed the new legislation in April 2016, and the full text of the regulation has been published online.
Misusing or carelessly handling personal information will bring fines of up to 20 million euros (£17.5m), or 4% of a company’s global turnover. However, the regulation was not created to punish firms; it was created to provide transparency between businesses and consumers.
In the UK, which is due to leave the EU in 2019, a new Data Protection Act will incorporate the provisions of the GDPR, with some minor changes. All EU citizens now have the right to see what information companies have about them, and to have that information deleted.
- Companies must also be more active in gaining consent to collect and use data, in theory spelling an end to simple “I agree with terms and conditions” tick boxes.
- Companies must also tell all affected users about any data breach, and tell the overseeing authority within 72 hours.
- Each EU member state must set up a supervisory authority, and these authorities will work together across borders to ensure companies comply.
The regulation came into force on May 25th and is the biggest update to data protection law in a generation, replacing the outdated Data Protection Act (1998).