Submitted by amit.sharma@im… on Mon, 11/23/2020 - 13:36

GDPR stands for the General Data Protection Regulation, which came into effect on May 25, 2018. It is a rule passed by the European Union in 2016 for companies working in the management and sharing of personal data. From one standpoint it seems as if it has only affected the citizens and companies of the EU, though even tech giants like Google and Slack have been affected by it. This can be attributed to the global nature of the internet.

 

GDPR

The GDPR extends the Privacy Shield and the Data Protection Directive in two distinctive ways. First and foremost, it is for the companies who collect the private data of the common public. After 2016, any company that collects personal data on any EU citizen has to have the explicit and informed consent of the citizen concerned.

 

These conditions especially apply to big tech giants like Facebook and Google that depend on the collection and sharing of public data for their ads to function. Whether companies are based in the EU or outside the EU, they must adhere to the terms written in the GDPR. Second, companies face heavy penalties if they violate any of the terms mentioned in the GDPR. The maximum fine for a single violation could be 4 percent of the company's global turnover. That amount is enough to completely sink any small IT firm.

 

 

Aptly said by David Coolegem, Senior Manager at Sia Partners:

“The fines of GDPR are BIG, but the reputational risk is likely to be bigger.”

Here are 7 GDPR rights that every company and individual in the EU should know. Let’s see them one by one:

 

 

OBTAINING CONSENT

 

The terms of consent should be stated in the terms and conditions dialog box in easy-to-understand language. The user must have the freedom to withdraw consent any time he/she wants.

 

TIMELY BREACH NOTIFICATION

 

If a security breach occurs, the organization has to report it within 72 hours.

 

RIGHT TO DATA ACCESS

 

If users demand access to their data profile, the company must give them an electronic copy of the data collected about them.

 

RIGHT TO BE FORGOTTEN

 

Once the original use of the data is done, users can request that companies erase all their data.

 

DATA PORTABILITY

 

Users must be able to get their data from companies and reuse this data in any environment they desire.

 

PRIVACY BY DESIGN

 

Companies should design their systems with proper security protocols.

 

POTENTIAL DATA PROTECTION OFFICERS

 

Furthermore, in some cases, a DPO (Data Protection Officer) should be appointed by the firm.

 

Do you want full data on Gender Balance in the Board, Management Team and positions of power in the Management Team of any of the world's listed companies? The Basic Gender Index Algorithm of Merit500 categorizes a group of people into one of three categories: Balance, Non-Balance, or Dominance, based on the gender balance within the selected group. For more information, go to the website.

 

NOTE: MERIT500 has a publication certificate that allows the handling of personal data without the impact of the EU legislation, GDPR.