
GDPR for dummies

The start of 2018 has been an alarming one for most organizations. On one hand, some are ready to welcome the new General Data Protection Regulation (EU-GDPR); on the other, some are still struggling to understand what it really is and how it differs from existing data protection laws.

GDPR is a double-edged sword that has forced companies to re-examine their data protection practices. The question now in the minds of many is:

Why has a European regulation, GDPR, become such an alarming regulation for companies across the globe?

The answer lies in the significance of EU-GDPR and in how it differs from other data protection laws. This post will help you understand the most talked-about topic, EU-GDPR, and how it stands apart from all other data protection laws.

What makes EU-GDPR different?
EU-GDPR is the new General Data Protection Regulation for the European Union. Every country today has its own data protection laws, and yet EU-GDPR has attracted attention from all parts of the world. The regulation both complements and supplements most of today's data protection practices.

Let's take a closer look at the regulation and see how it really differs:

1. EXTRA-TERRITORIAL JURISDICTION
Countries today are sovereign and are bound by their own laws and regulations. None can impose its laws upon another country. A very interesting thing about EU-GDPR is its extra-territorial jurisdiction. The regulation does not expressly claim jurisdiction beyond the EU, but it implies it by bringing within its ambit all organizations that serve EU citizens. It applies not only to establishments based in the European Union but also to all companies that sell goods or offer services to EU citizens, even if they are not established in the EU. To put it simply, if you are an Australian company with no base in any EU member country, but citizens in Europe can use your services through your website operating in their country, you are still bound by the General Data Protection Regulation.

2. REGULATION AND NOT A DIRECTIVE
It is very important to understand how a regulation differs from a directive.

A directive sets out an aim or result that the Union wants to achieve, and the member states enact their own national legislation to achieve that result. It is at the discretion of the member states to decide what to do, and how and when to achieve the objective of the directive. Every member state may have different laws on the same subject and enforce them at different times, depending on their preparedness.

A regulation, by contrast, is legally binding on the member states as it is and comes into force on a set date decided in the regulation itself. All member states are bound to comply with the regulation from the date it becomes enforceable. GDPR is a regulation that all EU member states need to comply with; it shall be enforced from 25th May 2018, and non-compliance beyond that day shall result in penalty. Since it has extra-territorial jurisdiction, all companies doing business in the Union need to comply with GDPR by 25th May 2018.

3. REGULATION THAT EMPOWERS DATA SUBJECTS
Most data protection laws today lay obligations on companies to protect data and speak of their duties and liabilities; they are more organization-centric. Companies still had a monopoly over the data they collect. GDPR is one of a kind in expressly recognizing and stating the rights of data subjects. It empowers users and gives them control over their data entirely. A few of the empowering rights recognized under GDPR:


4. PENALTY THAT CAN MAKE BUSINESS GO BANKRUPT
Non-compliance can cause a lot of companies to either go down or go bankrupt, since the penalty for non-compliance can be as high as 4% of annual global turnover or 20 million €, whichever is greater. If a company is unable to demonstrate compliance, or that processing was consented to, it can be fined for non-compliance.

5. A REGULATION WITH CAPABILITIES OF SETTING GLOBAL STANDARDS
Due to globalization and increased international business, there is rarely, if ever, a company in any part of the globe with no business at all in the EU. Because of GDPR's extended jurisdiction, all such companies will also be bound by GDPR in order to continue their business in the EU. Nations will also have to bring in laws consistent with GDPR to continue and discharge their trade-related treaties with the EU and its member states.

6. A MANDATORY DATA PROTECTION OFFICER
Companies that regularly process personal data or special categories of data will have to appoint a dedicated Data Protection Officer responsible for all their data protection practices and compliance.

The regulation has opened new horizons for prevailing data protection laws and has become their new face. The entire globe will see a radical shift in data protection practices once EU-GDPR is enforced. It is high time that companies across the globe, and even nations, start taking proactive measures to comply with GDPR.

In our next post, we will help companies comply with the Regulation. Until then, stay connected.

Keep Protecting! Happy Processing!
