The General Data Protection Regulation (EU) 2016/679 (“GDPR”) is a legal framework that sets out a number of guiding principles for the collection and processing of personal information of individuals within the European Union (EU) and the European Economic Area (EEA). On 25th May 2018 the GDPR came into effect across the EU. GDPR places new requirements on all organizations that handle EU personal data.
What exactly is regulated by the GDPR?
The GDPR regulates the collection, storage, transfer, or use of data of EU individuals. It covers any organization that processes personal data of EU individuals. It doesn’t matter whether or not the organization has a physical base in the EU – GDPR still applies. Organizations must be aware that the concept of “personal data” is very broad and covers any data relating to an identified or identifiable data subject. GDPR also addresses the export of personal data outside the EU and EEA areas. It must be noted, however, that the GDPR does not require EU personal data to stay in the EU.
Does GDPR change privacy law?
Yes. The GDPR is an all-embracing data protection law in the EU. It is a new law, and replaces the unconnected national data laws that previously existed across the EU with a single, directly enforceable one. The biggest change that comes with GDPR is the expanded data privacy rights of EU individuals. It also requires that EU-based individuals be notified of any data breaches. Furthermore, it places added accountability requirements on organizations, as well as an onus on them to provide added security for the protection of their customers’ data.
How does GDPR improve customer experience?
GDPR helps companies increase transparency. This is vitally important in today’s business environment. Customers are often concerned about their data and what it is being used for. GDPR makes this information more transparent and clearly states how the data is processed. As a primary aim, it also gives individuals the opportunity to control their own data, whilst simultaneously simplifying the regulatory environment for international business by unifying disparate privacy regulations within the EU.