General Data Protection Regulation or GDPR is an updated version of the Data Protection Directive of 1995. This regulation is the brainchild of European Parliament, the European Council, and the European Commission. It is intended to strengthen the data protection for people living in the European Union.
Features of the Regulation
It lists the rights of the individual whose data is being processed. The individual in question will have power over their data under the Data Protection Regulation.
- Personal data cannot be processed without the express permission of the individual.
- The individual will have much easier access to his or her own data.
- The individual can exercise their right to rectification, to erasure and ‘to be forgotten’.
- The people who are processing the data will have more accountability and will be obliged to provide information to the individuals regarding the processing of their personal data.
Compliance and Application
The regulation will go into effect on 25 May 2018. The nations involved will not need to pass a separate legislation to make Data Protection Law effective. To all countries belonging to EU, only one set of rules will apply. However, any data processed in the context of national security or employment will still fall under the purview of country’s regulations.
Role of DPOs
Data security and scalability are already very important and with the coming of GDPR, new developments in relation to data processing are inevitable. The goal of the regulation is to put data protection as one of the major issues in the business agendas of the industry leaders. So, organizations will need to appoint at least one DPO to be in compliance with the regulation.
DPOs Will Have Some Specific Responsibilities
- They will develop policies for proper handling of personal data keeping in mind the organization’s requirements.
- They will have to make sure those employees, customers, and members are all well acquainted with the organizations data protection policies.
- Handle any questions or complaints regarding personal data.
- If any risks with regards to personal data become evident, the data protection officer will have to alert the company regarding the risk.
Any company wishing for any help or advice regarding this regulation can contact German Association for Data Protection. This is a well reputed Data Protection Consulting firm specializing in European Data Protection.