Everyone is concerned over the changes coming because of the new GDPR regulation. From how to achieve compliance to whether or not they need to comply at all, businesses are scrambling to find information and put a plan together before the May 2018 deadline. However, the biggest problem that many companies are facing is that they don’t actually understand what the regulation is in the first place.
GDPR, or the General Data Protection Regulation, is a new mandate set to replace the Data Protection Directive 95/46/EC (DPD). It updates the directive, modernizing it for new technologies and creating a more descriptive set of rules, rather than prescriptive ones. This will ensure that the GDPR is able to keep up with rapidly evolving technologies – a problem that the DPD had.
The Goals of the GDPR
The main goal of the GDPR is to put a set of rules in place that protect the personal data of all EU citizens. It defines what an individual’s rights regarding their data are, describes what use of that data is covered, and outlines the sanctions put into place to enforce those protections. It has also been updated beyond the scope of the DPD to include data processing, not just collection and storage. This drastically changes who is affected by the regulation.
Individual Rights Under the GDPR
The most important feature of the GDPR is that it clearly defines what an individual’s rights are:
1. Right to access their own personal data
2. Right to rectify inaccurate personal data
3. Right to challenge automated decision making
4. Right to object to direct marketing
5. Right “to be forgotten”
6. Right to data portability
Most important are numbers five and six. These two are additions to the GDPR, allowing individuals to demand that their personal data be deleted (5), and to have easy access to any data concerning them and transmit that data to a different controller if they so desire (6).
So How Do We Comply with GDPR?
We discuss how to achieve compliance in our webinar “Understanding GDPR: Myths & Reality of Compliance.”