The GDPR is a Data Protection Regulation (EU 2016/679) adopted by the European Union in 2016 and coming into effect in 2018. It replaces the existing Data Protection Directive (95/46/EU) in 2018.
The GDPR focuses on the privacy protection of individuals' personal data, within and outside the European Union, and aims to unify the rules across all Member States. Because the same regulation applies in every Member State, binding actions during investigations and sanctions become easier to coordinate. A Supervisory Authority (SA) is appointed for each Member State to handle investigations of complaints and administrative offences, and the SAs are given the power to impose administrative fines.
This Regulation applies to organizations within the EU, as well as to organizations outside it, whenever they store or process the personal data of EU residents. An exception is given for processing carried out for law enforcement and national security purposes. It is important for any organization that handles, processes or stores the personal data of European residents to comply with this new regulation.
Non-compliance with the Regulation is expected to attract fines at various levels, depending on the offence and on whether the non-compliance is repeated. Some violations (for example, of record-keeping obligations) may result in a fine of up to 2% of the organization's global turnover or ten million euros, whichever is greater. Other offences and violations (for example, violating the data rights of individuals) may result in a fine of up to 4% of the organization's global turnover or twenty million euros, whichever is greater.
The GDPR includes an Article establishing the Right to Erasure (RTE), earlier known as the Right to be Forgotten. Under the RTE, individuals can request that data controllers or processors delete or destroy the personal information collected about them. The data controller has to take all reasonable steps, including technical measures, to erase the reported data. The Right to Restriction is another right; it restricts further publication of the reported personal data by the controller and by any authorized third parties it has engaged. Failure to comply may result in a fine.
Another notable Article concerns data portability: this right allows individuals to transfer their personal data from one data controller to another. Data controllers must therefore keep the data available in a structured, machine-readable and interoperable format.