Following a two-year transition after a seven-year debate, the General Data Protection Regulation (GDPR) is in effect from May 25.
The EU regulation becomes the gold standard in data protection, a milestone of the digital age.
It gives companies a new set of rules for sharing data online.
A processor of personal data must clearly disclose:
- what data is being collected and how
- why it is being processed
- how long it is being retained
- whether it is being shared with any third parties
Users have the right to:
- request a portable copy of the data collected by a processor in a common format
- have their data erased under certain circumstances
- be notified when their data is stolen, unless the stolen data is strongly encrypted
GDPR will refine and enshrine:
- the “right to be forgotten” laws as the “right to erasure”
- giving EU citizens the right to data portability
- bolstering the requirement for explicit and informed consent before data is processed
- ensuring that consent can be withdrawn at any time
…With some muscle behind it:
- data regulators are empowered to fine up to €20m or 4% of annual global turnover
- data breaches must be reported within 72 hours to a data regulator
- public authorities and businesses whose core activities center around regular or systematic processing of personal data are required to employ a data protection officer
And there’s more…
“GDPR applies only to the EU, but given the scale of the market, many companies are deciding it’s easier – not to mention a public relations win – to apply its terms globally,” reports The Guardian. Other companies are not ready.
For sure, Mark Zuckerberg was spectacularly condescending and awkward in his Tuesday testimony before the European Parliament, whose members posed some tough questions…which went completely unanswered. (The Travel Vertical tuned in live for the whole darn thing.)
If your question is, “What does GDPR mean for me?” read more here.