With the new wave of making everything digital, a lot of our data is now available on the cloud. Hacking and breaking into different servers is becoming the new norm now due to the surge in the development of technology. While we are making a lot of progress in the field of technology, it is also becoming increasingly difficult to ensure the privacy of users.
We’re uploading our information to the cloud on a daily basis. This data can then be manipulated or misused for other purposes, which undermines our privacy. In order to tackle this issue, the EU came up with GDPR. GDPR (General Data Protection Regulation) is devised for protecting our data and ensuring that it doesn’t fall into the wrong hands. You will be protected by the GDPR if you work for the EU or are in any way linked to the people who are a part of the EU.
GDPR AND ITS FUNCTIONS
This regulation was made effective as of May 25, 2018 by the EU in an attempt to make their employees and other related people feel more at ease about the security of their data. Coming under the umbrella of data security regulations, GDPR is considered to be the most effective and toughest security law with lengthy and harsh fines and penalties imposed upon people who breach this law.
GDPR clearly and precisely defines the line that shouldn’t be crossed and the consequences of going against the established guidelines regarding data privacy. In layman’s terms, these guidelines cover how the data of EU residents should be collected and how this data can be handled for processing purposes.
HISTORY OF GDPR
The EU has always stood by its statement of protecting the privacy of people as dictated in the 1959 European Convention on Human Rights, which defines privacy as the right of every individual. With changing trends and the evolution of technology, the pressing issue of privacy over the cloud dawned upon the EU, and the European Data Protection Directive was born as a result. However, this directive didn’t prove sufficient as more players entered the virtual market and the amount of data being shared over the internet kept increasing on a daily basis. The GDPR was drawn up in 2016 out of the burning need for stricter and harsher laws to implement data security and prevent breaches. It was then put into action in 2018.
REQUIREMENTS OF GDPR
As mentioned above, GDPR is accessible to all members of the EU. There are some requirements which are essential for GDPR, and we have listed some of them for you.
- In order to process the data of a user, consent will be required before anything can be done.
- Data that has been collected will be recorded as anonymous in order to increase privacy.
- Transferring data across different parts of the world will require extra care and safety.
- Companies are required to hire a data protection officer who will oversee the protection of data and whether the company’s policies are in line with the GDPR or not.
- Controllers should inform the relevant authorities about any data breaches within 72 hours of the breach.
There are many other requirements of the GDPR, all of which define how the data of all EU citizens should be handled.
ENFORCEMENTS AND PENALTIES
In case the GDPR is not being implemented to the maximum extent, the supervising authorities (SAs) then have complete authority to carry out any investigations that they deem to be fit. Upon completion of the investigation, the supervising authority also has the power to issue warnings and penalties as a consequence of a breach.
People who are in control of the data should provide sufficient evidence to prove that they are compliant with GDPR. This can be done in the form of documentation, designating different responsibilities regarding the protection of data to the employees, signed contracts with third parties and other viable options as long as they can be counted as valid evidence.
The fines imposed are very hefty, which is bound to make anyone think twice before stepping out of line. These penalties are twofold: either a fine of up to €20 million, or damages paid out to the victim in order to compensate for their loss.
DATA PROTECTION PRINCIPLES AND GDPR
It is no surprise that the GDPR maps out different principles that need to be followed when handling and protecting data. These principles include:
- All processing activities carried out on any individual’s data should be done by keeping the law in mind and in a transparent manner.
- If the data collected is personal, then it should be updated on a regular basis to ensure its accuracy.
- It is not advised to accumulate excessive data. The data collected should be pertinent to the task at hand.
- Data gathered should only be used for the purposes that were specified before the collection of data.
- Data shouldn’t be kept for longer than the time period that is required to process it, especially if it is very personal data.
- Data should be processed in an encrypted manner to ensure confidentiality.
- As mentioned earlier, data controllers should provide adequate evidence to prove their compliance with the GDPR.
Laws and regulations have been passed in the past to ensure data security, for instance the Data Protection Directive. However, the GDPR ensures heftier penalties, and all power rests in the hands of the Supervising Authorities, who also have the final say in how to deal with different security infringement issues. If you’re a citizen of the EU or associated with citizens of the EU, and are worried about the privacy of your data, then these regulations apply to you. We hope this will help you make decisions about what data you should upload and understand how safe your information is.