What Is the GDPR?
The General Data Protection Regulation (GDPR) creates a “one-stop shop” approach to data protection laws across the European Economic Area (EEA) and will come into effect on May 25, 2018. The GDPR, which will replace the current EU Data Protection Directive as the overarching data privacy framework, enhances the protection of EU residents’ personal data and increases the obligations of organizations regarding the collection and processing of personal data.
The EU General Data Protection Regulation (GDPR) is a major step in digital privacy and is the result of a long process settled in European values. It is the most important change in data privacy regulation in 20 years. The 99 legal articles in the Regulation aim at strengthening laws on data protection, thereby giving EU citizens control over their personal data, while emphasizing the ideas of freedom, security, and equality within the European Union. The General Data Protection Regulation (GDPR) should impact nearly any data-driven business in the European Digital Single Market
On May 25, the power balance will shift towards consumers, thanks to a European privacy law that restricts how personal data is collected and handled. The rule, called General Data Protection Regulation or GDPR, focuses on ensuring that users know, understand, and consent to the data collected about them. Under GDPR, pages of fine print won’t suffice. Neither will be forcing users to click yes in order to sign up.
Instead, companies must be clear and concise about their collection and use of personal data like full name, home address, location data, IP address, or the identifier that tracks web and app use on smartphones. Companies have to spell out why the data is being collected and whether it will be used to create profiles of people’s actions and habits. Moreover, consumers will gain the right to access data companies store about them, the right to correct inaccurate information, and the right to limit the use of decisions made by algorithms, among others. In short, the law is a chance to flip the economics of the industry. Since the dawn of the commercial web, companies have been financially incentivized to hoover up data and monetize later. Now, EU consumers will have the freedom to opt in, rather than the burden of opting out. That emphasis on consent creates a financial reward to building consumer trust.
Here´s what you should know about the Rules for the protection of personal data inside and outside the EU.
The new data protection package adopted in May 2016 aims at making Europe fit for the digital age. More than 90% of Europeans say they want the same data protection rights across the EU and regardless of where their data is processed.
The General Data Protection Regulation (GDPR)
Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Directive (EU) 2016/680 on the protection of natural persons regarding the processing of personal data connected with criminal offenses or the execution of criminal penalties, and on the free movement of such data.
The directive protects citizens’ fundamental right to data protection whenever personal data is used by criminal law enforcement authorities. It will, in particular, ensure that the personal data of victims, witnesses, and suspects of the crime are duly protected and will facilitate cross-border cooperation in the fight against crime and terrorism.
What is Personal Data?
“Personal data” means data of an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier
The broad scope of personal data, therefore, also includes IP addresses, device IDs, and advertising IDs