What The GDPR Would Mean for Tech Companies

Until quite recently, the European Union Data Protection Directive of 1995 was considered the gold standard for data protection throughout Europe. However, the phenomenal advances in technology over recent years have left the 1995 directive falling short in many respects. Serious differences frequently arose among member states over how to interpret the 1995 directive. There was therefore an urgent need to frame new rules that would make Europe fit for the digital age, strengthen citizens’ rights over their personal data and eliminate the differences in implementation between member states. The new regulation was also designed to reflect today's fast-changing technology landscape.

After four years of serious negotiations, the European Parliament adopted the final text of the GDPR (General Data Protection Regulation) on 14 April, 2016 and it came into force in all the 28 EU nations on 25 May, 2018. The GDPR requires businesses to protect the personal data and privacy of European Union citizens for transactions that occur within the European Union. The GDPR also regulates the export of personal data outside the European Union.

Types of data that GDPR protects

• Basic identity information such as name, address and ID numbers
• Web data such as location, IP address, cookie data and RFID tags
• Health and genetic data
• Biometric data
• Racial or ethnic data
• Political opinions
• Sexual orientation

Who does GDPR apply to?

GDPR applies to any organization operating within the European Union, as well as any organization outside the EU that offers goods or services to customers or businesses in the European Union.

Fines

Organizations covered by this regulation need to comply with all of its stipulations, and failure to comply will invite fines. Fines are of two types: up to 10 million pounds or 2% of annual global turnover of the previous year, whichever is higher, and up to 20 million pounds or 4% of annual global turnover, whichever is greater.

Key Features

Right to be informed

Organizations need to make sure that people understand who is collecting their personal data and the purpose for which the data is collected. Organizations will need to update their privacy policies to meet the GDPR regulations.

Right to be forgotten

The “right to be forgotten” stipulation has been clearly embedded in the regulation. It gives individuals the right to request that their data be deleted if the data is no longer needed for the purpose for which it was collected. Organizations will then be required to erase the data within one month.

Data protection officer

Organizations operating on a large scale are called upon to appoint a data protection officer to help them comply with their obligations under GDPR. The officer is responsible for monitoring whether the organization is complying with the GDPR stipulations.

Challenges for the Tech Industry

All tech companies wanting to operate in the European Union will have to strictly abide by its regulations. Some tech companies may face challenges in complying with some of the stipulations. Stipulations that could pose challenges for tech companies include:

• Documenting all the personal data that the company has processed or stored, and being able to delete it or provide it to the individual upon request
• Hiring data protection officers, which could place an additional financial burden on tech companies
• Identifying and reporting data breaches within 72 hours
