What is the GDPR?
The General Data Protection Regulation (GDPR) is an EU regulation adopted by the European Parliament and the Council of the European Union on a proposal from the European Commission.
It aims to establish a stronger, harmonised data protection regime for all individuals inside the European Union and to give them control over their personal data, by replacing national transpositions with a single regulation that applies directly across the whole European Union.
Adopted on 27 April 2016, the GDPR replaces the 1995 Data Protection Directive (95/46/EC) and becomes enforceable on 25 May 2018, from which date any organisation that is not in compliance may face heavy fines.
What are the main changes from the previous directive?
Increased Territorial Scope
Unlike the previous legislation, the GDPR applies to all organisations processing the personal data of individuals residing in the EU, regardless of where the organisation itself is located, whenever they offer goods or services to those individuals or monitor their behaviour. Under the directive, territorial applicability was ambiguous; under the GDPR it is explicit.
Penalties
Under the new regulation, organisations can be fined up to 4% of their annual global turnover or €20 million, whichever is greater. This is the maximum fine that can be imposed for the most serious violations of the GDPR, such as breaching the basic principles for processing, including the conditions for consent. It applies to both controllers and processors, which means that cloud providers acting as processors must comply with the regulation as well.