The GDPR - the General Data Protection Regulation - is the European Union’s data privacy law. The GDPR puts in place rules for collecting and processing personal data from individuals who are located in the EU.
The GDPR applies in three main scenarios:
1. “Boots on the ground.” Organizations that have some actual physical presence in Europe (offices, people);
2. The organization is monitoring the behavior of people in Europe (like advertising companies that track consumers on the internet);
3. The organization is offering goods or services to people located in Europe.
That means any company that falls under any of these three scenarios, even one not based in Europe, may have to comply with the GDPR.
The GDPR is really complicated, but here are the basics:
One of the aims of the GDPR is to harmonize data protection rules across the EU. Following Brexit, the UK has adopted the GDPR into its law as the “UK GDPR.”
It is governed by a set of seven fundamental principles, which have to be followed when processing personal data. Two important ones are:
1. Transparency, meaning that companies have to tell people what data they are collecting and how they are using it; and
2. a limitation that data can only be collected for a specific purpose.
The GDPR guarantees a number of individual rights to consumers, like the right of access to personal data or the right to have data erased (the “right to be forgotten”).
It imposes potentially big fines on violators - up to €20m or 4% of the company’s annual worldwide turnover, whichever is higher. It only covers personal data, not company or entity data, like trade secrets.
It covers a wide range of data types, from photos to browsing data, and from contact data to IP addresses and more.
To recap - GDPR, Europe’s data privacy law - places lots of legal requirements on organizations that gather and use personal data of people located in the EU.
It’s governed by 7 fundamental principles, guarantees individual rights to consumers, and can result in big fines for companies that violate it.