The GDPR (RGPD in French) is EU Regulation 2016/679 of the European Parliament and the Council of Europe of April 27, 2016, which deals with the protection of the privacy of individuals, the processing of personal data and the free flow of such data. It repeals Directive 95/46/EC. The regulation, known as the “General Data Protection Regulation”, introduces measures establishing the legal framework for the protection of personal data within the European Union.
The GDPR is a real social revolution. The digital world is in turmoil: companies are on the alert, and users are questioned and interrupted daily, to the point of nausea, about their wishes regarding their rights and personal data. Yet it is indeed their protection that is at stake, and it is a huge step forward. The wild intrusion into privacy and the almost dishonest marketing exploitation of intimate data are now over. Internet users’ rights have become an essential must. First of all, let’s start at the beginning by clearly explaining the meaning of this somewhat barbaric acronym.
(G) General (D) Data (P) Protection (R) Regulation
What is the GDPR? A European law that is immediately applicable in each European state. The GDPR, the general European regulation for data protection and security, entered into force on May 25, 2018. Since that date, compliance by businesses and administrations is a necessity and an obligation. A new actor appears, and with it a new profession: the Data Protection Officer, otherwise called the DPO. Barely arrived on the market, this high-level position in companies and administrations is already in short supply.
What is the GDPR and why was it drafted?
Many of the rules of the GDPR, the general data protection regulation, are similar to those defined in the 1995 European directive on data protection. However, the old directive was created before the age of social media and before the Internet completely changed the way we work and live.
Almost all of us have taken advantage of “free” services from Google, Facebook and Twitter in exchange for a wide range of personal information (names, email addresses, marketing preferences, political tendencies or sexual orientation). Confused and indigestible “terms and conditions”, together with passive and tendentious checkboxes, have made it difficult to refuse to hand over one’s private data. The current revolution is completely centered on the rights of the user: the protection of their fundamental right of withdrawal, their privacy and their individual freedoms. The old Data Protection Act has really become obsolete, because today’s regulations are much more comprehensive and much more incisive.
One of the famous and recent examples of the improper use of personal data is the scandal by which Facebook allegedly influenced the outcome of the 2016 American elections. That is no small matter.
One of the distinct objectives of the GDPR is to make it easier and cheaper for companies to comply with data protection rules. The 1995 EU directive allowed member states to interpret the rules as they saw fit, and local interpretations abounded. The nature of the GDPR as a regulation, not a directive, means that it applies directly without needing to be transposed into national law, which creates fewer differences in interpretation between Member States. The EU estimates that this will save businesses 2.3 billion euros a year. In the meantime, we must admit that protecting the user and ensuring compliance tends to increase organizations’ management costs.
IN BRIEF: What is the GDPR for dummies
- Obligation for most companies and public entities since May 25, 2018.
- Concerns the private and intimate personal data of users.
- The penalties for violations are enormous.
- The pivot of the system is the Data Protection Officer also called DPO.
- The DPO must be independent, work across all departments of the company and have the means and resources necessary for the function.
- The former CIL (Correspondant Informatique et Libertés, the IT and Liberties correspondent), if there is one, must be retrained as a DPO through full and intensive training.
- The GDPR also applies to companies outside the European Union that carry out computer processing of the personal data of European citizens.
- A GDPR audit must be implemented for compliance.
- An AIPD must be carried out for large-scale processing of sensitive data.
The GDPR glossary for dummies
GDPR: RGPD in French
DPO: Data Protection Officer, Delegate for the protection of personal data
AIPD: Personal Data Impact Analysis (specific assessment of sensitive data)
PDIA: the same as above, in English: Personal Data Impact Assessment
SENSITIVE DATA: highly confidential data such as racial origin, political opinions, religious beliefs, union membership, sexual orientation, etc.
CNIL: the French supervisory authority.
G29 – WP29: the former Article 29 Working Party, supervisory authority in Europe. Replaced by the EDPB.
EDPB: European Data Protection Board (replaces the previous G29 group)
The data protection reform pursues three objectives and obligations:
- Strengthen the rights of individuals, in particular by creating a right to the portability of personal data and provisions specific to minors; and
- Empower the actors processing the data (data controllers and processors); and
- Give credibility to the regulation thanks to reinforced cooperation between the data protection authorities which may, for example, adopt joint decisions when the data processing is transnational and impose reinforced sanctions.
This regulation seeks to regulate the processing of personal data (see article: “What are the different types of data?”) in order to ensure in particular that data are processed in a way that is adequate, relevant and limited to what is necessary to achieve the purposes for which the collection and processing exist. Indeed, these directly applicable measures in each of the 28 member states are necessary in view of the emergence of new technologies.
Consequently, it makes the profession of “Data Protection Officer” compulsory in all companies (see: What is a DPO and what is its role?), administrations and associations pursuing missions of public interest that process sensitive data on a large scale, on pain of an extremely dissuasive fine.
The supervisory body can impose several types of administrative sanctions:
- The warning
- A formal notice to the company concerned
- Temporary or permanent limitation of processing
- Suspension of data flows
- The order to satisfy requests to exercise people’s rights
- Withdrawal of certification
To this can be added very heavy financial sanctions, which are the novelty of this European regulation. Depending on the type of offence, these can amount to 10 to 20 million euros or 2 to 4% of the company’s annual worldwide turnover, whichever is higher.
About the author
DMTwebhosting.com's Editorial Team prides itself on bringing you the latest web hosting news and the best web hosting articles!